{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/304455#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nAn authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a remote, unauthenticated user to access sensitive information.\r\n\r\n### Description\r\n[CVE-2023-4498](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4498) is an authentication bypass vulnerability that enables an unauthenticated attacker who has access to the web console, either locally or remotely, to access resources that would normally be protected. The attacker can construct a web request that includes a white-listed keyword in the path, causing the URL to be served directly (rather than blocked or challenged with an authentication prompt).\r\n\r\n### Impact\r\nSuccessful exploitation of this vulnerability could grant the attacker access to pages that would otherwise require authentication. An unauthenticated attacker could thereby gain access to sensitive information, such as the Administrative password, which could be used to launch additional attacks.\r\n\r\n### Solution\r\nThere is no known solution to the vulnerability. Always update your router to the latest available firmware version. Disabling both the remote (WAN-side) administration services and the web interface on the WAN on any SoHo router is also recommended.\r\n\r\n### Acknowledgements\r\nThanks to the reporter from the Spike Reply Cybersecurity Team. This document was written by Timur Snoke.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK.","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"},{"category":"other","text":"The vendor has been unresponsive and has not addressed this issue as far as we know.","title":"CERT/CC comment on Tenda notes"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/304455"},{"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4498","summary":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4498"}],"title":"Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router","tracking":{"current_release_date":"2023-09-06T20:09:14+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#304455","initial_release_date":"2023-09-06 12:05:20.895541+00:00","revision_history":[{"date":"2023-09-06T20:09:14+00:00","number":"1.20230906200914.2","summary":"Released on 2023-09-06T20:09:14+00:00"}],"status":"final","version":"1.20230906200914.2"}},"vulnerabilities":[{"title":"Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only.","notes":[{"category":"summary","text":"Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only"}],"cve":"CVE-2023-4498","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#304455"}]}],"product_tree":{"branches":[]}}