ID
CVE
TITLE
Shenzhen Tenda Technology Co.,Ltd. of AC18 Cross-site request forgery vulnerability in firmware
sources:
JVNDB: JVNDB-2024-017596
DESCRIPTION
A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd
sources:
NVD: CVE-2024-2559 //
JVNDB: JVNDB-2024-017596
AFFECTED PRODUCTS
| vendor: | tenda | model: | ac18 | scope: | eq | version: | 15.03.05.05 | |
| vendor: | tenda | model: | ac18 | scope: | eq | version: | - | |
| vendor: | tenda | model: | ac18 | scope: | - | version: | - | |
| vendor: | tenda | model: | ac18 | scope: | eq | version: | ac18 firmware 15.03.05.05 | |
sources:
JVNDB: JVNDB-2024-017596 //
NVD: CVE-2024-2559
CVSS
SEVERITY | CVSSV2 | CVSSV3 |
| cna@vuldb.com: | CVE-2024-2559 | |
|
| value: | MEDIUM | | | nvd@nist.gov: | CVE-2024-2559 | |
|
| value: | MEDIUM | | | OTHER: | JVNDB-2024-017596 | |
|
| value: | MEDIUM | |
| | cna@vuldb.com: | CVE-2024-2559 | |
|
| severity: | MEDIUM | | baseScore: | 5.0 | | vectorString: | AV:N/AC:L/AU:N/C:N/I:P/A:N | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | NONE | | integrityImpact: | PARTIAL | | availabilityImpact: | NONE | | exploitabilityScore: | 10.0 | | impactScore: | 2.9 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | OTHER: | JVNDB-2024-017596 | |
|
| severity: | MEDIUM | | baseScore: | 5.0 | | vectorString: | AV:N/AC:L/AU:N/C:N/I:P/A:N | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | NONE | | integrityImpact: | PARTIAL | | availabilityImpact: | NONE | | exploitabilityScore: | NONE | | impactScore: | NONE | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | |
| | cna@vuldb.com: | CVE-2024-2559 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 4.3 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | REQUIRED | | scope: | UNCHANGED | | confidentialityImpact: | NONE | | integrityImpact: | LOW | | availabilityImpact: | NONE | | exploitabilityScore: | 2.8 | | impactScore: | 1.4 | | version: | 3.1 | | | nvd@nist.gov: | CVE-2024-2559 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 6.5 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | REQUIRED | | scope: | UNCHANGED | | confidentialityImpact: | NONE | | integrityImpact: | HIGH | | availabilityImpact: | NONE | | exploitabilityScore: | 2.8 | | impactScore: | 3.6 | | version: | 3.1 | | | NVD: | JVNDB-2024-017596 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 6.5 | | vectorString: | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | REQUIRED | | scope: | UNCHANGED | | confidentialityImpact: | NONE | | integrityImpact: | HIGH | | availabilityImpact: | NONE | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | |
|
sources:
JVNDB: JVNDB-2024-017596 //
NVD: CVE-2024-2559 //
NVD: CVE-2024-2559
PROBLEMTYPE DATA
| problemtype: | CWE-352 | |
| problemtype: | Cross-site request forgery (CWE-352) [ others ] | |
sources:
JVNDB: JVNDB-2024-017596 //
NVD: CVE-2024-2559
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-2559 | |
| db: | VULDB | id: | 257058 | |
| db: | JVNDB | id: | JVNDB-2024-017596 | |
sources:
JVNDB: JVNDB-2024-017596 //
NVD: CVE-2024-2559
REFERENCES
| url: | https://vuldb.com/?id.257058 | |
| url: | https://vuldb.com/?ctiid.257058 | |
| url: | https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac18/fromsystoolreboot.md | |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-2559 | |
sources:
JVNDB: JVNDB-2024-017596 //
NVD: CVE-2024-2559
SOURCES
| db: | JVNDB | id: | JVNDB-2024-017596 |
| db: | NVD | id: | CVE-2024-2559 |
LAST UPDATE DATE
2025-01-29T23:28:46.207000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2024-017596 | date: | 2025-01-28T06:01:00 |
| db: | NVD | id: | CVE-2024-2559 | date: | 2025-01-27T16:50:41.160 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2024-017596 | date: | 2025-01-28T00:00:00 |
| db: | NVD | id: | CVE-2024-2559 | date: | 2024-03-17T10:15:06.923 |
