A remote attacker can trick the user to perform an action on the site, such as purchasing equipment, by sending a specially crafted request.

4. Tenda AX1803 wireless router has XSS via TendaAteMode function.

A user can be tricked into changing their password via XSS in function TendaAteMode.

5. Unauthenticated remote attackers can access Tenda AX1803 router via password change request.

An attacker can send a request to the router to change the password, which can then be used to access the device.

6. Tenda AX1803 router has multiple issues that can be exploited by a remote attacker to gain access to the device.

Tenda AX1803 wireless router has multiple issues that can be exploited by a remote attacker .


There are many different flaws in the Tenda AX1803 router that can be exploited by a remote attacker. A remote attacker can gain access to the device via XSS, password change request, and more.

Tenda AX1803 wireless router has multiple security issues

The Tenda AX1803 wireless router has a variety of security vulnerabilities that could allow unauthorized access to the device. In particular, an attacker can gain access to the device by changing the password to one of the default settings. Additionally, there is an XSS vulnerability in the router's functions and traffic interception issues that could allow a remote attacker to gain access.

Remote Access Vulnerability

A remote attacker can trick the user to perform an action on the site, such as purchasing equipment, by sending a specially crafted request.

Remote Access to Router:

A Big Problem
Remote access to routers is a big problem. Remote attackers can exploit vulnerabilities on routers to gain access to the device and its data. These attackers can then use this access to cause damage or steal information from the device. In this post we’ll take a closer look at six ways in which a remote attacker could easily gain access to Tenda AX1803 wireless router, which is one of the most popular wireless routers on the market with over 2 million devices sold.

1. A user can be tricked into changing their password via XSS in function TendaAteMode.
This vulnerability enables an attacker to change their password by tricking users into visiting a malicious website and clicking on an embedded link that causes them to send an HTTP request containing their current password hash back to the site without being prompted for confirmation.
2. Unauthenticated remote attackers can access Tenda AX1803 router via password change request.
This vulnerability allows attackers on untrusted networks (such as public Wi-Fi) to bypass authentication by sending a request for a password change which will then be executed automatically because only authenticated requests will be processed by the router, but unauthenticated requests are not blocked from executing commands on it. This vulnerability also allows attackers to bypass authentication by requesting another person's WiFi network credentials or login token, which again would be executed automatically because only authenticated requests are handled by the router under normal circumstances.
3. Tenda AX1803 router has

Tenda AX1803 router has multiple vulnerabilities

Recently, it was announced that Tenda A/S has released a new wireless router with various vulnerabilities. These vulnerabilities include cross-site scripting (XSS), unauthenticated remote access, and information disclosure. If you own the Tenda AX1803 wireless router, make sure to update your device to prevent these vulnerabilities from being exploited.

Timeline

Published on: 10/12/2022 19:15:00 UTC
Last modified on: 10/14/2022 14:58:00 UTC

References