Cyber Resilience

CVE-2022-40843

Medium · Public PoC

Published: 15 November 2022

Modified: 07 July 2025
KEV Added
Patch
CVSS Score v3.1: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.4040 (97.4th percentile)
Risk Priority: 34 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-40843 is a medium-severity vulnerability of an unspecified weakness type in Tenda W15E firmware. Its CVSS base score is 4.9 (Medium).

Operationally, it is ranked in the top 2.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The Tenda AC1200 V-W15Ev2 router running firmware version V15.11.0.10(1576) contains an improper authorization and improper session management vulnerability that permits bypass of the device login page. The flaw is tracked as CVE-2022-40843 with a CVSS 3.1 base score of 4.9 and is classified under NVD-CWE-Other.

An attacker with network access can leverage the bypass to reach protected resources, specifically reading the router's syslog.log file and thereby obtaining the MD5 hash of the administrator account password. The current and peak EPSS scores for the CVE are both 0.4040, indicating moderate exploitation probability without evidence of a post-disclosure rise.

No vendor advisory or patch information is supplied in the available references.

Vulnerability details

The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.log file which contains the MD5 password of the Administrator's user account.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

tenda
w15e firmware
15.11.0.10(1576)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
