all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VU#304455: Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router

Add to bookmarks
Sept. 6, 2023, 12:05 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview


An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a remote, unauthenticated user to access sensitive information.


Description


CVE-2023-4498 is an authentication bypass vulnerability that enables an unauthenticated attacker who has access to the web console, either locally or remotely, to access resources that would normally be protected. The attacker can construct a web request that includes a white-listed keyword in the path, causing the URL to be served …

access attacker authentication authentication bypass bypass bypass vulnerability console cve information locally modem router sensitive sensitive information the web unauthenticated vulnerability web wireless

Visit resource

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#163057: BMC software fails to validate IPMI session. 6 days, 9 hours ago | kb.cert.org
abuse access attacker baseboard management controller +17
VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds … 1 week ago | kb.cert.org
arbitrary code arbitrary code execution attacker can +15
VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 2 weeks, 6 days ago | kb.cert.org
application arbitrary code attacker attackers +14
VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 3 weeks, 5 days ago | kb.cert.org
arbitrary code attackers cases code +15
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 3 weeks, 6 days ago | kb.cert.org
architectures attacker attacks bhi +20
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 1 month ago | kb.cert.org
attacks can dos fragments +6
VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 1 month, 2 weeks ago | kb.cert.org
abuse application applications attacker +18
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 1 month, 3 weeks ago | kb.cert.org
architectures attacker can conditions +13
VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 1 month, 4 weeks ago | kb.cert.org
app attacks bluetooth called +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Director, Cyber Risk

@ Kroll | South Africa
View on infosec-jobs.com

Security Engineer, XRM

@ Meta | New York City
View on infosec-jobs.com

Security Analyst 3

@ Oracle | Romania
View on infosec-jobs.com

Internship - Cyber Security Operations

@ SES | Betzdorf, LU
View on infosec-jobs.com

Principal Product Manager (Network/Security Management) - NetSec

@ Palo Alto Networks | Bengaluru, India
View on infosec-jobs.com

IT Security Engineer

@ Timocom GmbH | Erkrath, Germany
View on infosec-jobs.com
View more jobs