5.3 - VU#304455

Executive Summary

Summary
Title	Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router

Informations
Name	VU#304455	First vendor Publication	2023-09-06
Vendor	VU-CERT	Last vendor Modification	2023-09-06
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Overall CVSS Score	5.3
Base Score	5.3	Environmental Score	5.3
impact SubScore	1.4	Temporal Score	5.3
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	Low
Integrity Impact	None	Availability Impact	None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Overview

An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a remote, unauthenticated user to access sensitive information.

Description

CVE-2023-4498 is an authentication bypass vulnerability that enables an unauthenticated attacker who has access to the web console, either locally or remotely, to access resources that would normally be protected. The attacker can construct a web request that includes a white-listed keyword in the path, causing the URL to be served directly (rather than blocked or challenged with an authentication prompt).

Impact

Successful exploitation of this vulnerability could grant the attacker access to pages that would otherwise require authentication. An unauthenticated attacker could thereby gain access to sensitive information, such as the Administrative password, which could be used to launch additional attacks.

Solution

There is no known solution to the vulnerability. Always update your router to the latest available firmware version. Disabling both the remote (WAN-side) administration services and the web interface on the WAN on any SoHo router is also recommended.

Acknowledgements

Thanks to the reporter from the Spike Reply Cybersecurity Team. This document was written by Timur Snoke.

Original Source

Url : https://kb.cert.org/vuls/id/304455

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-287	Improper Authentication

CPE : Common Platform Enumeration

Type	Description	Count
Os	Tenda N300 Firmware cpe:2.3:o:tenda:n300_firmware:53.0.1.6:::::::*	1

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-09-13 17:36:29	Multiple Updates
2023-09-07 00:22:07	Multiple Updates
2023-09-06 17:22:08	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	1

	Related
5.3	CVE-2023-4498
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)