CVE-2015-5995

CRITICAL

Mediabridge Medialink MWN-WAPR300N/Tenda N3 - Auth Bypass

Title source: llm

Description

Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Mandeep Jadon · textwebappshardware

https://www.exploit-db.com/exploits/41402

View Code ZIP pw:eip

nomisec WORKING POC 9 stars

by shaheemirza · poc

https://github.com/shaheemirza/TendaSpill

View Code ZIP pw:eip

References (1)

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/630872

Scores

CVSS v3 9.8

EPSS 0.3820

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (2)

mediabridge/medialink_mwn-wapr300n_firmware < 5.07.50

tenda/n3_wireless_n150

Published Dec 31, 2015

Tracked Since Feb 18, 2026