Vulnerabilities > CVE-2023-43885 - Missing Authorization vulnerability in Tenda RX9 PRO Firmware 22.03.02.10

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

tenda

CWE-862

NVD

Published: 2023-11-07

Updated: 2023-11-16

Summary

Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.

Vulnerable Configurations

Part	Description	Count
OS	Tenda Tenda RX9 PRO Firmware 22.03.02.10	1
Hardware	Tenda Tenda RX9 PRO -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://blog.rtlcopymemory.com/tenda-rx9-pro/