CVE-2023-47422 — HIGH (8.8)

Vulnerability Description

An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tenda	Tx9 Firmware	22.03.02.54
Tenda	Tx9	v1
Tenda	Ax3 Firmware	16.03.12.11
Tenda	Ax3	v3
Tenda	Ax9 Firmware	22.03.01.46
Tenda	Ax9	v1
Tenda	Ax12 Firmware	22.03.01.46
Tenda	Ax12	v1

Related Weaknesses (CWE)

CWE-284

References

https://github.com/xiaobye-ctf/My-CVE/tree/main/Tenda/CVE-2023-47422ExploitThird Party Advisory
https://github.com/xiaobye-ctf/My-CVE/tree/main/Tenda/CVE-2023-47422ExploitThird Party Advisory

FAQ

What is CVE-2023-47422?

CVE-2023-47422 is a vulnerability with a CVSS score of 8.8 (HIGH). An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication ...

How severe is CVE-2023-47422?

CVE-2023-47422 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-47422?

Check the references section above for vendor advisories and patch information. Affected products include: Tenda Tx9 Firmware, Tenda Tx9, Tenda Ax3 Firmware, Tenda Ax3, Tenda Ax9 Firmware.