CVE-2024-2817: Tenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery

4.3 CVSS

Description

A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Eine problematische Schwachstelle wurde in Tenda AC15 15.03.05.18 entdeckt. Dies betrifft die Funktion fromSysToolRestoreSet der Datei /goform/SysToolRestoreSet. Durch Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2024-2817

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem Types

CWE-352 Cross-Site Request Forgery

Affected Products

Vendor: Tenda

Product: AC15

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.34% (scored less or equal to compared to others)

EPSS Date: 2025-04-20 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-2817
https://vuldb.com/?id.257672
https://vuldb.com/?ctiid.257672
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolRestoreSet.md

Timeline

2025-04-10 21:40:15 UTC
CVE

Tenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery