CRITICAL🇵🇱 Wersja polska

CVE-2025-63666

CVSS 9.8v3.1pub. 2025-11-12upd. 2025-11-17

Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.

🤖 AI Analysis
How it works

The device generates a session cookie that contains a hash of the user's password — sensitive information that should not be transmitted to the client. Additionally, the session identifier is short and based on entropy of low value, making it susceptible to brute-force guessing or analysis attacks. An attacker with access to the network or the ability to execute JavaScript code in the victim's browser (e.g., through XSS) can intercept such a cookie. After obtaining the cookie, the attacker can reuse it (replay attack), gaining access to the router's administrative panel without knowing the actual password.

Impact

An attacker can take full control of the Tenda AC15 router, gaining access to protected administrative resources — including the ability to modify network configuration, intercept network traffic, and potentially use the device as an entry point to the local network.

Mitigation & patch

Apply patches available from the manufacturer according to references. Until an update is released, it is recommended to restrict access to the router's administrative panel only to trusted hosts on the local network and avoid managing the device through untrusted networks.

Who is affected

Tenda AC15 firmware version v15.03.05.18_multi

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac15

    HW
    Tenda
    wszystkie wersje
  • Tenda Ac15 Firmware

    OS
    Tenda
    15.03.05.18
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-10987CRITICAL9.8⚠ KEVten sam produkt

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute a...

CVE-2026-24103CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC15 — podatność w goform/formSetMacFilterCfg

CVE-2026-24105CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC15 — brak walidacji parametru w formsetUsbUnload

CVE-2026-24101CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC15 — brak walidacji parametru formSetIptv

CVE-2025-29462CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC15 — przepełnienie stosu przez HTTP