CVE-2022-36552
HIGH
Tenda AC6 Firmware < 02.03.01.114 - Unauthenticated Arbitrary File Read via DownloadFlash Endpoint
Title source: llm
Description
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request.
References (3)
Core References
Not Applicable x_refsource_misc
http://tenda.com
Permissions Required, Product, URL Repurposed x_refsource_misc
http://ac6ac1200.com
Permissions Required, Third Party Advisory x_refsource_misc
https://drive.google.com/drive/folders/1VxR4lhaWNWLuAPdJK2aRF6zfo_mRyiFO?usp=sharing
Scores
CVSS v3: 7.5
EPSS: 0.0072
EPSS Percentile: 48.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-552
Status: published
Products (1)
tendacn/ac6_firmware: < 02.03.01.114
Published: Aug 30, 2022
Tracked Since: Feb 18, 2026