Arbitrary Device Locking Vulnerability in Tenda RX9 Pro Firmware V22.03.02.20

CVE-2023-43885 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.

Learn more about our Cis Benchmark Audit For Server Software.