CVE-2022-42078: n/a in n/a
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
AI Analysis
Technical Summary
CVE-2022-42078 is a Cross Site Request Forgery (CSRF) vulnerability affecting the Tenda AC1206 router model, specifically the firmware version US_AC1206V1.0RTL_V15.03.06.23_multi_TD01. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged HTTP request to the vulnerable device, causing it to perform unwanted actions without the user's consent. In this case, the vulnerable function is fromSysToolRestoreSet, which likely relates to system tool restore or reset operations. The CVSS v3.1 base score is 6.5, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) shows that the attack can be performed remotely over the network (AV:N) with low attack complexity (AC:L), no privileges required (PR:N), but user interaction is needed (UI:R). The scope is unchanged (S:U), and the impact is limited to availability (A:H), meaning the vulnerability can cause denial of service or disruption but does not affect confidentiality or integrity. No known exploits are reported in the wild, and no patches or vendor advisories are currently linked. The vulnerability is classified under CWE-352, which is the standard identifier for CSRF issues. The lack of vendor or product information beyond the model and firmware version limits the ability to assess broader impact, but the vulnerability allows attackers to potentially disrupt router availability by forcing system restore or reset operations via CSRF attacks, which could cause network outages or loss of connectivity for users relying on the device.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to network availability and operational continuity. If exploited, attackers could remotely induce a router reset or restore operation without authentication, causing temporary denial of service. This could disrupt internet access, internal network communications, or critical services relying on the affected router. Organizations using Tenda AC1206 routers in their infrastructure, especially in small office/home office (SOHO) or branch office environments, may experience outages impacting productivity and service delivery. While the vulnerability does not compromise data confidentiality or integrity, the availability impact could affect business operations, customer services, or remote work capabilities. Additionally, repeated exploitation could lead to increased support costs and reputational damage. The requirement for user interaction (UI:R) means that social engineering or phishing tactics might be needed to trigger the attack, which slightly reduces the risk but does not eliminate it. Given the medium severity and lack of known exploits, the threat is moderate but should not be ignored, especially in environments where router uptime is critical.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should first identify any deployments of the Tenda AC1206 router model with the affected firmware version. Since no official patches are currently linked, organizations should: 1) Restrict access to the router's web management interface by limiting it to trusted internal networks and disabling remote management where possible. 2) Implement network segmentation to isolate vulnerable devices from critical systems. 3) Educate users about the risks of phishing and social engineering attacks that could trigger CSRF exploits, emphasizing caution when clicking on suspicious links or visiting untrusted websites. 4) Monitor network traffic and router logs for unusual reset or restore commands. 5) If feasible, consider upgrading to newer firmware versions or alternative hardware from vendors with active security support. 6) Employ web application firewalls or intrusion prevention systems that can detect and block CSRF attack patterns targeting router management interfaces. 7) Regularly back up router configurations to enable rapid recovery in case of forced resets. These steps go beyond generic advice by focusing on access control, user awareness, and network architecture adjustments tailored to the specific vulnerability characteristics.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
CVE-2022-42078: n/a in n/a
Description
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
AI-Powered Analysis
Technical Analysis
CVE-2022-42078 is a Cross Site Request Forgery (CSRF) vulnerability affecting the Tenda AC1206 router model, specifically the firmware version US_AC1206V1.0RTL_V15.03.06.23_multi_TD01. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged HTTP request to the vulnerable device, causing it to perform unwanted actions without the user's consent. In this case, the vulnerable function is fromSysToolRestoreSet, which likely relates to system tool restore or reset operations. The CVSS v3.1 base score is 6.5, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) shows that the attack can be performed remotely over the network (AV:N) with low attack complexity (AC:L), no privileges required (PR:N), but user interaction is needed (UI:R). The scope is unchanged (S:U), and the impact is limited to availability (A:H), meaning the vulnerability can cause denial of service or disruption but does not affect confidentiality or integrity. No known exploits are reported in the wild, and no patches or vendor advisories are currently linked. The vulnerability is classified under CWE-352, which is the standard identifier for CSRF issues. The lack of vendor or product information beyond the model and firmware version limits the ability to assess broader impact, but the vulnerability allows attackers to potentially disrupt router availability by forcing system restore or reset operations via CSRF attacks, which could cause network outages or loss of connectivity for users relying on the device.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to network availability and operational continuity. If exploited, attackers could remotely induce a router reset or restore operation without authentication, causing temporary denial of service. This could disrupt internet access, internal network communications, or critical services relying on the affected router. Organizations using Tenda AC1206 routers in their infrastructure, especially in small office/home office (SOHO) or branch office environments, may experience outages impacting productivity and service delivery. While the vulnerability does not compromise data confidentiality or integrity, the availability impact could affect business operations, customer services, or remote work capabilities. Additionally, repeated exploitation could lead to increased support costs and reputational damage. The requirement for user interaction (UI:R) means that social engineering or phishing tactics might be needed to trigger the attack, which slightly reduces the risk but does not eliminate it. Given the medium severity and lack of known exploits, the threat is moderate but should not be ignored, especially in environments where router uptime is critical.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should first identify any deployments of the Tenda AC1206 router model with the affected firmware version. Since no official patches are currently linked, organizations should: 1) Restrict access to the router's web management interface by limiting it to trusted internal networks and disabling remote management where possible. 2) Implement network segmentation to isolate vulnerable devices from critical systems. 3) Educate users about the risks of phishing and social engineering attacks that could trigger CSRF exploits, emphasizing caution when clicking on suspicious links or visiting untrusted websites. 4) Monitor network traffic and router logs for unusual reset or restore commands. 5) If feasible, consider upgrading to newer firmware versions or alternative hardware from vendors with active security support. 6) Employ web application firewalls or intrusion prevention systems that can detect and block CSRF attack patterns targeting router management interfaces. 7) Regularly back up router configurations to enable rapid recovery in case of forced resets. These steps go beyond generic advice by focusing on access control, user awareness, and network architecture adjustments tailored to the specific vulnerability characteristics.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-10-03T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682cd0fa1484d88663aec481
Added to database: 5/20/2025, 6:59:06 PM
Last enriched: 7/4/2025, 7:26:31 PM
Last updated: 7/28/2025, 5:38:07 PM
Views: 11
Related Threats
CVE-2025-8974: Hard-coded Credentials in linlinjava litemall
MediumCVE-2025-8973: SQL Injection in SourceCodester Cashier Queuing System
MediumCVE-2025-21110: CWE-250: Execution with Unnecessary Privileges in Dell Data Lakehouse
MediumCVE-2025-8972: SQL Injection in itsourcecode Online Tour and Travel Management System
MediumCVE-2025-51986: n/a
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.