Vulnerability Description
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | A5S Firmware | 3.02.05_cn |
| Tenda | A5S | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/show/osvdb/110146
- http://packetstormsecurity.com/files/127905/Tenda-A5s-Router-Authentication-BypaExploit
- http://www.exploit-db.com/exploits/34361Exploit
- http://www.securityfocus.com/bid/69267
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95337
- http://osvdb.org/show/osvdb/110146
- http://packetstormsecurity.com/files/127905/Tenda-A5s-Router-Authentication-BypaExploit
- http://www.exploit-db.com/exploits/34361Exploit
- http://www.securityfocus.com/bid/69267
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95337
FAQ
What is CVE-2014-5246?
CVE-2014-5246 is a vulnerability with a CVSS score of 10.0 (HIGH). The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
How severe is CVE-2014-5246?
CVE-2014-5246 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5246?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda A5S Firmware, Tenda A5S.