Vulnerability Description
Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | N301 Firmware | 12.02.01.61_multi |
| Tenda | N301 | 6.0 |
Related Weaknesses (CWE)
References
- https://medium.com/%400ta/tenda-n301-v6-cve-2023-29680-cve-2023-29681-a40f7ae6dc
- https://www.youtube.com/watch?v=Xy9_hmpvvA4&ab_channel=0taExploit
- https://medium.com/%400ta/tenda-n301-v6-cve-2023-29680-cve-2023-29681-a40f7ae6dc
- https://www.youtube.com/watch?v=Xy9_hmpvvA4&ab_channel=0taExploit
FAQ
What is CVE-2023-29681?
CVE-2023-29681 is a vulnerability with a CVSS score of 5.7 (MEDIUM). Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the pa...
How severe is CVE-2023-29681?
CVE-2023-29681 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-29681?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda N301 Firmware, Tenda N301.