CVE-2023-29681

MEDIUM

Tenda N301 v6.0 Firmware 12.03.01.06_pt - Cleartext Transmission of Sensitive Information in ecos_pw Cookie

Title source: llm

Description

Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.

References (2)

Core 2

Core References

Various Sources

https://medium.com/%400ta/tenda-n301-v6-cve-2023-29680-cve-2023-29681-a40f7ae6dc62

Exploit

https://www.youtube.com/watch?v=Xy9_hmpvvA4&ab_channel=0ta

Scores

CVSS v3 5.7

EPSS 0.0004

EPSS Percentile 11.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (1)

tenda/n301_firmware 12.02.01.61_multi

Published May 01, 2023

Tracked Since Feb 18, 2026