ID

VAR-202403-0814


CVE

CVE-2024-2816


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  AC15  Cross-site request forgery vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-003035

DESCRIPTION

A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd

Trust: 1.62

sources: NVD: CVE-2024-2816 // JVNDB: JVNDB-2024-003035

AFFECTED PRODUCTS

vendor:tendamodel:ac15scope:eqversion:15.03.05.18

Trust: 1.0

vendor:tendamodel:ac15scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac15scope:eqversion:ac15 firmware 15.03.05.18

Trust: 0.8

vendor:tendamodel:ac15scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-003035 // NVD: CVE-2024-2816

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-2816
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-2816
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-2816
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2024-2816
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

cna@vuldb.com: CVE-2024-2816
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-2816
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-2816
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-003035 // NVD: CVE-2024-2816 // NVD: CVE-2024-2816

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.0

problemtype:Cross-site request forgery (CWE-352) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-003035 // NVD: CVE-2024-2816

EXTERNAL IDS

db:NVDid:CVE-2024-2816

Trust: 2.6

db:VULDBid:257671

Trust: 1.8

db:JVNDBid:JVNDB-2024-003035

Trust: 0.8

sources: JVNDB: JVNDB-2024-003035 // NVD: CVE-2024-2816

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v15.03.05.18/fromsystoolreboot.md

Trust: 1.8

url:https://vuldb.com/?id.257671

Trust: 1.8

url:https://vuldb.com/?ctiid.257671

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-2816

Trust: 0.8

sources: JVNDB: JVNDB-2024-003035 // NVD: CVE-2024-2816

SOURCES

db:JVNDBid:JVNDB-2024-003035
db:NVDid:CVE-2024-2816

LAST UPDATE DATE

2024-08-14T14:48:36.094000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-003035date:2024-03-28T00:56:00
db:NVDid:CVE-2024-2816date:2024-05-17T02:38:32.100

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-003035date:2024-03-28T00:00:00
db:NVDid:CVE-2024-2816date:2024-03-22T08:15:10.010