CVE-2022-45980: n/a in n/a
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .
AI Analysis
Technical Summary
CVE-2022-45980 is a high-severity vulnerability identified in the firmware version V22.03.01.21_CN of the Tenda AX12 router. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw located in the /goform/SysToolRestoreSet endpoint. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged HTTP request, which can cause the victim's browser to perform unwanted actions on the vulnerable device without their consent. In this case, the endpoint appears to be related to system restore or reset functionality, which implies that exploitation could lead to unauthorized restoration or modification of device settings. The CVSS v3.1 base score is 8.8, indicating a high severity level, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This means the attack can be performed remotely over the network without privileges, requires low attack complexity, needs user interaction (the victim must visit a malicious page), and impacts confidentiality, integrity, and availability to a high degree. The vulnerability does not require authentication, increasing its risk profile. No patches or known exploits in the wild have been reported at the time of publication. The CWE-352 classification confirms the nature of the vulnerability as a CSRF issue. Given the nature of the device (a consumer or small office router), exploitation could allow attackers to disrupt network connectivity, alter device configurations, or potentially pivot into internal networks, leading to significant compromise.
Potential Impact
For European organizations, especially small and medium enterprises (SMEs) and home office users relying on Tenda AX12 routers, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized resetting or reconfiguration of network devices, resulting in network downtime, loss of confidentiality due to potential interception or redirection of traffic, and integrity breaches through altered device settings. This could disrupt business operations, cause data leakage, or enable further attacks within the internal network. Given the router's role as a network gateway, attackers could leverage this vulnerability to bypass security controls, install malicious firmware, or create persistent backdoors. The impact is particularly critical for organizations with limited IT security resources or those that do not regularly update router firmware. Additionally, sectors with high dependency on continuous network availability, such as finance, healthcare, and critical infrastructure, could face operational and reputational damage if targeted.
Mitigation Recommendations
1. Immediate mitigation involves restricting access to the router's management interface from untrusted networks, ideally limiting it to local LAN access only. 2. Disable remote management features if not required to reduce exposure. 3. Implement network segmentation to isolate vulnerable devices from critical systems. 4. Educate users to avoid clicking on suspicious links or visiting untrusted websites while connected to the vulnerable network to reduce the risk of CSRF exploitation. 5. Monitor network traffic for unusual activity that could indicate exploitation attempts. 6. Since no official patch is currently available, consider deploying compensating controls such as Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) that can detect and block CSRF attack patterns targeting the /goform/SysToolRestoreSet endpoint. 7. Regularly check for firmware updates from Tenda and apply them promptly once a patch addressing this vulnerability is released. 8. For organizations with advanced capabilities, consider replacing vulnerable devices with models from vendors with stronger security track records and timely patch management.
Affected Countries
Germany, France, Italy, Spain, Poland, Netherlands, Belgium, Czech Republic, Hungary, Romania
CVE-2022-45980: n/a in n/a
Description
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .
AI-Powered Analysis
Technical Analysis
CVE-2022-45980 is a high-severity vulnerability identified in the firmware version V22.03.01.21_CN of the Tenda AX12 router. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw located in the /goform/SysToolRestoreSet endpoint. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged HTTP request, which can cause the victim's browser to perform unwanted actions on the vulnerable device without their consent. In this case, the endpoint appears to be related to system restore or reset functionality, which implies that exploitation could lead to unauthorized restoration or modification of device settings. The CVSS v3.1 base score is 8.8, indicating a high severity level, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This means the attack can be performed remotely over the network without privileges, requires low attack complexity, needs user interaction (the victim must visit a malicious page), and impacts confidentiality, integrity, and availability to a high degree. The vulnerability does not require authentication, increasing its risk profile. No patches or known exploits in the wild have been reported at the time of publication. The CWE-352 classification confirms the nature of the vulnerability as a CSRF issue. Given the nature of the device (a consumer or small office router), exploitation could allow attackers to disrupt network connectivity, alter device configurations, or potentially pivot into internal networks, leading to significant compromise.
Potential Impact
For European organizations, especially small and medium enterprises (SMEs) and home office users relying on Tenda AX12 routers, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized resetting or reconfiguration of network devices, resulting in network downtime, loss of confidentiality due to potential interception or redirection of traffic, and integrity breaches through altered device settings. This could disrupt business operations, cause data leakage, or enable further attacks within the internal network. Given the router's role as a network gateway, attackers could leverage this vulnerability to bypass security controls, install malicious firmware, or create persistent backdoors. The impact is particularly critical for organizations with limited IT security resources or those that do not regularly update router firmware. Additionally, sectors with high dependency on continuous network availability, such as finance, healthcare, and critical infrastructure, could face operational and reputational damage if targeted.
Mitigation Recommendations
1. Immediate mitigation involves restricting access to the router's management interface from untrusted networks, ideally limiting it to local LAN access only. 2. Disable remote management features if not required to reduce exposure. 3. Implement network segmentation to isolate vulnerable devices from critical systems. 4. Educate users to avoid clicking on suspicious links or visiting untrusted websites while connected to the vulnerable network to reduce the risk of CSRF exploitation. 5. Monitor network traffic for unusual activity that could indicate exploitation attempts. 6. Since no official patch is currently available, consider deploying compensating controls such as Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) that can detect and block CSRF attack patterns targeting the /goform/SysToolRestoreSet endpoint. 7. Regularly check for firmware updates from Tenda and apply them promptly once a patch addressing this vulnerability is released. 8. For organizations with advanced capabilities, consider replacing vulnerable devices with models from vendors with stronger security track records and timely patch management.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-11-28T00:00:00.000Z
- Cisa Enriched
- true
Threat ID: 682d9848c4522896dcbf6074
Added to database: 5/21/2025, 9:09:28 AM
Last enriched: 6/21/2025, 3:53:46 PM
Last updated: 8/7/2025, 6:55:45 PM
Views: 10
Related Threats
CVE-2025-53187: CWE-94 Improper Control of Generation of Code ('Code Injection') in ABB ASPECT
HighCVE-2025-54063: CWE-94: Improper Control of Generation of Code ('Code Injection') in CherryHQ cherry-studio
HighCVE-2025-1500: CWE-434 Unrestricted Upload of File with Dangerous Type in IBM Maximo Application Suite
MediumCVE-2025-1403: CWE-502 Deserialization of Untrusted Data in IBM Qiskit SDK
HighCVE-2025-0161: CWE-94 Improper Control of Generation of Code ('Code Injection') in IBM Security Verify Access
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.