all InfoSec news
VU#304455: Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a remote, unauthenticated user to access sensitive information.
Description
CVE-2023-4498 is an authentication bypass vulnerability that enables an unauthenticated attacker who has access to the web console, either locally or remotely, to access resources that would normally be protected. The attacker can construct a web request that includes a white-listed keyword in the path, causing the URL to be served …
access attacker authentication authentication bypass bypass bypass vulnerability console cve information locally modem router sensitive sensitive information the web unauthenticated vulnerability web wireless