Skip to main content

CVE-2022-42078: n/a in n/a

Medium
VulnerabilityCVE-2022-42078cvecve-2022-42078
Published: Wed Oct 12 2022 (10/12/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.

AI-Powered Analysis

AILast updated: 07/04/2025, 19:26:31 UTC

Technical Analysis

CVE-2022-42078 is a Cross Site Request Forgery (CSRF) vulnerability affecting the Tenda AC1206 router model, specifically the firmware version US_AC1206V1.0RTL_V15.03.06.23_multi_TD01. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged HTTP request to the vulnerable device, causing it to perform unwanted actions without the user's consent. In this case, the vulnerable function is fromSysToolRestoreSet, which likely relates to system tool restore or reset operations. The CVSS v3.1 base score is 6.5, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) shows that the attack can be performed remotely over the network (AV:N) with low attack complexity (AC:L), no privileges required (PR:N), but user interaction is needed (UI:R). The scope is unchanged (S:U), and the impact is limited to availability (A:H), meaning the vulnerability can cause denial of service or disruption but does not affect confidentiality or integrity. No known exploits are reported in the wild, and no patches or vendor advisories are currently linked. The vulnerability is classified under CWE-352, which is the standard identifier for CSRF issues. The lack of vendor or product information beyond the model and firmware version limits the ability to assess broader impact, but the vulnerability allows attackers to potentially disrupt router availability by forcing system restore or reset operations via CSRF attacks, which could cause network outages or loss of connectivity for users relying on the device.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to network availability and operational continuity. If exploited, attackers could remotely induce a router reset or restore operation without authentication, causing temporary denial of service. This could disrupt internet access, internal network communications, or critical services relying on the affected router. Organizations using Tenda AC1206 routers in their infrastructure, especially in small office/home office (SOHO) or branch office environments, may experience outages impacting productivity and service delivery. While the vulnerability does not compromise data confidentiality or integrity, the availability impact could affect business operations, customer services, or remote work capabilities. Additionally, repeated exploitation could lead to increased support costs and reputational damage. The requirement for user interaction (UI:R) means that social engineering or phishing tactics might be needed to trigger the attack, which slightly reduces the risk but does not eliminate it. Given the medium severity and lack of known exploits, the threat is moderate but should not be ignored, especially in environments where router uptime is critical.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should first identify any deployments of the Tenda AC1206 router model with the affected firmware version. Since no official patches are currently linked, organizations should: 1) Restrict access to the router's web management interface by limiting it to trusted internal networks and disabling remote management where possible. 2) Implement network segmentation to isolate vulnerable devices from critical systems. 3) Educate users about the risks of phishing and social engineering attacks that could trigger CSRF exploits, emphasizing caution when clicking on suspicious links or visiting untrusted websites. 4) Monitor network traffic and router logs for unusual reset or restore commands. 5) If feasible, consider upgrading to newer firmware versions or alternative hardware from vendors with active security support. 6) Employ web application firewalls or intrusion prevention systems that can detect and block CSRF attack patterns targeting router management interfaces. 7) Regularly back up router configurations to enable rapid recovery in case of forced resets. These steps go beyond generic advice by focusing on access control, user awareness, and network architecture adjustments tailored to the specific vulnerability characteristics.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2022-10-03T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0fa1484d88663aec481

Added to database: 5/20/2025, 6:59:06 PM

Last enriched: 7/4/2025, 7:26:31 PM

Last updated: 7/28/2025, 5:38:07 PM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats