Sign-up

ID

VAR-202403-0713


CVE

CVE-2024-2560


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  AC18  Cross-site request forgery vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-017267

DESCRIPTION

A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd

Trust: 1.62

sources: NVD: CVE-2024-2560 // JVNDB: JVNDB-2024-017267

AFFECTED PRODUCTS

vendor:tendamodel:ac18scope:eqversion:15.03.05.05

Trust: 1.0

vendor:tendamodel:ac18scope: - version: -

Trust: 0.8

vendor:tendamodel:ac18scope:eqversion:ac18 firmware 15.03.05.05

Trust: 0.8

vendor:tendamodel:ac18scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-017267 // NVD: CVE-2024-2560

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-2560
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-2560
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-017267
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2024-2560
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-017267
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2024-2560
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2024-017267
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-017267 // NVD: CVE-2024-2560 // NVD: CVE-2024-2560

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.0

problemtype:Cross-site request forgery (CWE-352) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-017267 // NVD: CVE-2024-2560

EXTERNAL IDS

db:NVDid:CVE-2024-2560

Trust: 2.6

db:VULDBid:257059

Trust: 1.8

db:JVNDBid:JVNDB-2024-017267

Trust: 0.8

sources: JVNDB: JVNDB-2024-017267 // NVD: CVE-2024-2560

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac18/fromsystoolrestoreset.md

Trust: 1.8

url:https://vuldb.com/?id.257059

Trust: 1.8

url:https://vuldb.com/?ctiid.257059

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-2560

Trust: 0.8

sources: JVNDB: JVNDB-2024-017267 // NVD: CVE-2024-2560

SOURCES

db:JVNDBid:JVNDB-2024-017267
db:NVDid:CVE-2024-2560

LAST UPDATE DATE

2025-01-25T22:51:15.401000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-017267date:2025-01-23T02:42:00
db:NVDid:CVE-2024-2560date:2025-01-22T17:51:20.490

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-017267date:2025-01-23T00:00:00
db:NVDid:CVE-2024-2560date:2024-03-17T11:15:06.297