CVE-2026-24435
BaseFortify

Publication date: 2026-01-26

Last updated on: 2026-02-02

Assigner: VulnCheck

Description
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: * in combination with Access-Control-Allow-Credentials: true, allowing attacker-controlled origins to issue credentialed cross-origin requests.
Meta Information
Published: 2026-01-26
Last Modified: 2026-02-02
Generated: 2026-06-16
AI Q&A: 2026-01-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products (2 associated CPEs)
Vendor  Product        Version / Range
tenda   w30e_firmware  up to and including 16.01.0.19(5037)
tenda   w30e           2.0
CWE
CWE-942 (Permissive Cross-domain Policy with Untrusted Domains): The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
Compliance Impact

The vulnerability allows unauthorized access to sensitive administrative data via cross-origin requests due to an insecure CORS policy. This exposure of sensitive data could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls to protect personal and sensitive information from unauthorized access. [1]

Executive Summary

This vulnerability exists in the Tenda W30E V2 router firmware up to version V16.01.0.19(5037). It is caused by an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets the HTTP header Access-Control-Allow-Origin to '*' (allowing all origins) while also setting Access-Control-Allow-Credentials to 'true'. This combination allows attacker-controlled websites to make credentialed cross-origin requests to the router, potentially accessing sensitive administrative data without authorization. [1]

Impact Analysis

An attacker needs no account on the device, but the attack does require user interaction: a user whose browser holds an authenticated admin session with the router (or cached credentials for it) must visit an attacker-controlled page, typically while connected to the same LAN as the device. That page then issues credentialed cross-origin requests to the router's administrative endpoints from the victim's browser and reads the responses, giving the attacker the same view of configuration and status data that the logged-in administrator has. Exposed material of this kind can be enough to compromise the security and control of the affected device and the network behind it. [1]

Detection Guidance

You can check a device for this issue by inspecting the response headers of its administrative endpoints. The vulnerable pattern is `Access-Control-Allow-Origin: *` returned together with `Access-Control-Allow-Credentials: true` (the example path used here is `/admin`; the exact endpoints depend on the firmware). Send a GET rather than a HEAD, because some embedded web servers only emit CORS headers on full requests, and supply an `Origin` header you control so that any origin-reflection behaviour becomes visible at the same time, for example: `curl -s -D - -o /dev/null -H 'Origin: https://attacker.example' http://<router-ip>/admin`. If the response carries the wildcard together with the credentials header, the device matches the advisory. Two caveats when interpreting the result: per the Fetch standard, browsers refuse to expose a response to a credentialed cross-origin request when `Access-Control-Allow-Origin` is the literal `*`, so the practical exploit path is an endpoint that echoes the request `Origin` (or returns `null`) alongside `Access-Control-Allow-Credentials: true`; check for that reflection as well as for the wildcard. And repeat the request with the cookie of an authenticated session, since the headers on the login page may differ from those on the endpoints that actually return configuration data. [1]
