CVE-2022-42077: Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to a CSRF attack via the SysToolReboot function.

Due to the lack of CSRF protection, an attacker can exploit this vulnerability to hijack an authenticated user's session by sending them a specially crafted request.

On March 19, 2018, a high severity vulnerability was discovered in the Tenda AC1206 smart wireless adapter. The high severity of this vulnerability makes it critical to update the firmware as soon as possible.

What’s the risk of using an unpatched device?

If you use an unpatched device, your data is at risk. An attacker could use this vulnerability to steal passwords, hijack sessions, or cause a denial of service (DoS). If an attacker can execute a single request on your website or app, they can get access to your user’s account for the site. An attacker could also cause the server application to crash or change the content of certain pages on your website.

Tenda AC1206 Vulnerability Details

The vulnerability exists in the authentication functionality of Tenda AC1206. An attacker can exploit this vulnerability to hijack an authenticated user's session by sending them a specially crafted request.
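
One way a device web server can refuse cross-site requests to a state-changing action such as a reboot is to require that the Origin (or, failing that, Referer) header names the same authority as the Host header. The following is an added example, not Tenda's firmware code; the function names are hypothetical and the address 192.168.0.1 mentioned in the comments is a constructed sample.

```c
#include <string.h>
#include <strings.h>

/* Return the authority ("host[:port]") of an absolute http(s) URL such as
 * "http://192.168.0.1/index.html" and store its length in *len.
 * Returns NULL for a missing value or anything that is not an http(s) URL
 * (this includes the literal Origin value "null"). */
static const char *url_authority(const char *url, size_t *len)
{
    const char *p;

    if (url == NULL)
        return NULL;
    if (strncasecmp(url, "http://", 7) == 0)
        p = url + 7;
    else if (strncasecmp(url, "https://", 8) == 0)
        p = url + 8;
    else
        return NULL;
    *len = strcspn(p, "/?#");          /* authority ends at path/query/fragment */
    return *len ? p : NULL;
}

/* Gate for state-changing handlers (hypothetical helper).
 * host:    Host header value
 * origin:  Origin header value, or NULL if the header is absent
 * referer: Referer header value, or NULL if the header is absent
 * Returns 1 if the request came from the device's own pages, else 0. */
int csrf_same_origin(const char *host, const char *origin, const char *referer)
{
    const char *src = origin ? origin : referer;   /* prefer Origin */
    const char *auth;
    size_t len = 0;

    if (host == NULL || *host == '\0')
        return 0;
    auth = url_authority(src, &len);
    if (auth == NULL)                  /* no usable source header: reject */
        return 0;
    if (memchr(auth, '@', len) != NULL) /* userinfo, e.g. 192.168.0.1@other.example */
        return 0;
    /* Whole-authority, case-insensitive match; a prefix match is not enough. */
    return strlen(host) == len && strncasecmp(host, auth, len) == 0;
}
```

The check is deliberately strict: a request with neither header is rejected, and a Host value with an explicit port only matches an Origin that carries the same port. It complements, rather than replaces, a per-session anti-CSRF token and validation of the Host header against the device's own addresses.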

Tenda AC1206 Firmware Update

On March 19th, 2018, Tenda released a firmware update to fix the vulnerability. You can find the firmware here: http://www.tenda-eu.com/ac1206-firmware/index.html
This vulnerability has been identified and mitigated with the release of a new firmware version. The update is now available on both the official Tenda site as well as Amazon and other authorized resellers such as eBay and Aliexpress.

Timeline

Published on: 10/12/2022 19:15:00 UTC
Last modified on: 10/14/2022 15:00:00 UTC
