CVE-2023-47422

HIGH

Tenda TX9 AX3 AX9 AX12 Firmware - Unauthenticated Authentication Bypass via Crafted URL

Title source: llm

Description

An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/xiaobye-ctf/My-CVE/tree/main/Tenda/CVE-2023-47422

Scores

CVSS v3 8.8

EPSS 0.0002

EPSS Percentile 4.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (4)

tenda/ax12_firmware 22.03.01.46

tenda/ax3_firmware 16.03.12.11

tenda/ax9_firmware 22.03.01.46

tenda/tx9_firmware 22.03.02.54

Published Feb 20, 2024

Tracked Since Feb 18, 2026