Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2023-29680

Description

Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.

POC

Reference

- https://medium.com/%400ta/tenda-n301-v6-cve-2023-29680-cve-2023-29681-a40f7ae6dc62

- https://medium.com/@0ta/tenda-n301-v6-cve-2023-29680-cve-2023-29681-a40f7ae6dc62

- https://www.youtube.com/watch?v=m7ZHfFcSKpU&ab_channel=0ta

Github

- https://github.com/zhanpengliu-tencent/medium-cve