CVE-2022-40843
Published: 15 November 2022
Summary
CVE-2022-40843 is a medium-severity vulnerability of unspecified weakness type in Tenda W15E Firmware. Its CVSS base score is 4.9 (Medium).
Operationally, it ranks in the top 2.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
The Tenda AC1200 V-W15Ev2 router running firmware version V15.11.0.10(1576) contains an improper authorization and improper session management vulnerability that permits bypass of the device login page. The flaw is tracked as CVE-2022-40843 with a CVSS 3.1 base score of 4.9 and is classified under NVD-CWE-Other.
An attacker with network access can leverage the bypass to reach protected resources, specifically reading the router's syslog.log file and thereby obtaining the MD5 hash of the administrator account password. The current and peak EPSS scores for the CVE are both 0.4040, indicating moderate exploitation probability without evidence of a post-disclosure rise.
No vendor advisory or patch information is supplied in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-44101
Vulnerability details
The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.log file, which contains the MD5 password of the Administrator's user account.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.