CVE-2022-40844: n/a in n/a
In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body.
AI Analysis
Technical Summary
CVE-2022-40844 is a medium-severity Stored Cross Site Scripting (XSS) vulnerability identified in the Tenda AC1200 Router model W15Ev2 running firmware version V15.11.0.10(1576). The vulnerability arises from improper sanitization of user input in the router's web interface, specifically within the URL body parameter of the website filtering tab. An attacker with at least low-level privileges (PR:L) and requiring user interaction (UI:R) can inject malicious JavaScript code that gets stored and subsequently executed in the context of the router's web management interface. This stored XSS flaw allows the attacker to potentially hijack user sessions, steal authentication cookies, or perform actions on behalf of the legitimate user managing the router. The CVSS 3.1 vector indicates the attack can be launched remotely over the network (AV:N) with low attack complexity (AC:L), but requires some privileges and user interaction, and impacts confidentiality and integrity with a scope change (S:C). No known public exploits have been reported yet, and no patches are currently linked, indicating that affected users may still be vulnerable if they have not updated or mitigated the issue. The vulnerability is classified under CWE-79, which is the common weakness enumeration for Cross Site Scripting.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily to network security and management infrastructure. If exploited, attackers could gain unauthorized access to router management sessions, potentially altering network configurations, redirecting traffic, or creating persistent backdoors. This could lead to data leakage, interception of sensitive communications, or disruption of network services. Since routers are critical infrastructure components, especially in small to medium enterprises and home office environments, exploitation could facilitate lateral movement within networks or serve as a foothold for more extensive attacks. The requirement for user interaction and low privilege reduces the immediacy of risk but does not eliminate it, especially in environments where multiple users have access to router management interfaces. The lack of available patches means organizations must rely on alternative mitigations until firmware updates are released. Given the widespread use of Tenda routers in consumer and small business markets across Europe, the vulnerability could affect a significant number of endpoints, increasing the attack surface for threat actors targeting European networks.
Mitigation Recommendations
Organizations should immediately audit their network environments to identify the presence of Tenda AC1200 Router model W15Ev2 devices running the vulnerable firmware version. Until an official patch is released, it is recommended to restrict access to the router's web management interface by implementing network segmentation and access control lists (ACLs) to limit management access to trusted IP addresses only. Administrators should enforce strong authentication mechanisms and educate users about the risks of interacting with suspicious links or inputs in the router management interface. Disabling remote management features, if enabled, can reduce exposure. Monitoring network traffic for unusual activities or unauthorized configuration changes can help detect exploitation attempts. Additionally, organizations should stay alert for firmware updates from Tenda and apply them promptly once available. Employing web application firewalls (WAF) or intrusion prevention systems (IPS) that can detect and block XSS payloads targeting router interfaces may provide an additional layer of defense.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
CVE-2022-40844: n/a in n/a
Description
In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body.
AI-Powered Analysis
Technical Analysis
CVE-2022-40844 is a medium-severity Stored Cross Site Scripting (XSS) vulnerability identified in the Tenda AC1200 Router model W15Ev2 running firmware version V15.11.0.10(1576). The vulnerability arises from improper sanitization of user input in the router's web interface, specifically within the URL body parameter of the website filtering tab. An attacker with at least low-level privileges (PR:L) and requiring user interaction (UI:R) can inject malicious JavaScript code that gets stored and subsequently executed in the context of the router's web management interface. This stored XSS flaw allows the attacker to potentially hijack user sessions, steal authentication cookies, or perform actions on behalf of the legitimate user managing the router. The CVSS 3.1 vector indicates the attack can be launched remotely over the network (AV:N) with low attack complexity (AC:L), but requires some privileges and user interaction, and impacts confidentiality and integrity with a scope change (S:C). No known public exploits have been reported yet, and no patches are currently linked, indicating that affected users may still be vulnerable if they have not updated or mitigated the issue. The vulnerability is classified under CWE-79, which is the common weakness enumeration for Cross Site Scripting.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily to network security and management infrastructure. If exploited, attackers could gain unauthorized access to router management sessions, potentially altering network configurations, redirecting traffic, or creating persistent backdoors. This could lead to data leakage, interception of sensitive communications, or disruption of network services. Since routers are critical infrastructure components, especially in small to medium enterprises and home office environments, exploitation could facilitate lateral movement within networks or serve as a foothold for more extensive attacks. The requirement for user interaction and low privilege reduces the immediacy of risk but does not eliminate it, especially in environments where multiple users have access to router management interfaces. The lack of available patches means organizations must rely on alternative mitigations until firmware updates are released. Given the widespread use of Tenda routers in consumer and small business markets across Europe, the vulnerability could affect a significant number of endpoints, increasing the attack surface for threat actors targeting European networks.
Mitigation Recommendations
Organizations should immediately audit their network environments to identify the presence of Tenda AC1200 Router model W15Ev2 devices running the vulnerable firmware version. Until an official patch is released, it is recommended to restrict access to the router's web management interface by implementing network segmentation and access control lists (ACLs) to limit management access to trusted IP addresses only. Administrators should enforce strong authentication mechanisms and educate users about the risks of interacting with suspicious links or inputs in the router management interface. Disabling remote management features, if enabled, can reduce exposure. Monitoring network traffic for unusual activities or unauthorized configuration changes can help detect exploitation attempts. Additionally, organizations should stay alert for firmware updates from Tenda and apply them promptly once available. Employing web application firewalls (WAF) or intrusion prevention systems (IPS) that can detect and block XSS payloads targeting router interfaces may provide an additional layer of defense.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-09-19T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682cd0fb1484d88663aec86b
Added to database: 5/20/2025, 6:59:07 PM
Last enriched: 7/6/2025, 1:26:43 PM
Last updated: 8/12/2025, 9:25:56 AM
Views: 12
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.