External risk intelligence

Tenda AC6 Wi-Fi Password Removal Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2022-37176

The device is a consumer Wi-Fi router. While these are often placed behind a modem, their primary role is acting as the internet edge gateway for home and small office networks, and their management interfaces or configuration endpoints are frequently exposed to the local network or potentially misconfigured to be reachable via the WAN interface.

Tendacn Ac6 Firmware

02.03.01.114 and earlier

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability in Tenda router firmware could allow unauthenticated attackers to disable Wi-Fi security, potentially exposing sensitive network traffic. This issue impacts network access control and data confidentiality, necessitating an understanding of its potential reach.

  • Attackers can disable Wi-Fi security.
  • Routers are common network entry points.
  • Confirm relevance and assess potential exposure.

Attack Path

How an attacker could exploit the issue

An attacker could remotely send a specially crafted network packet to the device's web interface. This packet targets a specific configuration endpoint, potentially leading to the removal of the Wi-Fi password, thereby exposing the network.

  • Unauthenticated access to the device.
  • Triggering the configuration endpoint.
  • Exposed network, password removed.

Live Threat

Current exploitation, exposure, and threat context

A vulnerability in Tenda AC6 v5.0 firmware could allow an unauthenticated attacker to remove the Wi-Fi password, forcing the device into an open security mode. This could be exploited by sending a specially crafted packet to the `goform/setWizard` endpoint.

  • Unsecured Wi-Fi network access.
  • Attacker sends crafted packet.
  • Unauthorized access to network.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Tenda AC6 firmware affects devices likely managed by a network or infrastructure team, possibly with vendor-management oversight for firmware updates. The immediate priority is to identify all instances of the affected technology, determine their network exposure and business criticality, and locate the accountable system owner to begin risk-based remediation planning.

  • Network and infrastructure teams own this.
  • Verify device exposure and criticality first.
  • Plan remediation with vendor coordination.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the Tenda AC6 device?

The Tenda AC6 is a consumer-grade Wi-Fi router designed to act as an internet gateway for home or small office networks. It manages wireless connectivity and traffic routing for connected devices, serving as the bridge between a local network and the internet.

How does CVE-2022-37176 compromise my router?

This vulnerability allows an attacker to bypass authentication and modify the router's configuration. Specifically, by sending a malicious packet to a specific setup endpoint, they can force the device to remove its existing Wi-Fi password. This turns a secure, password-protected wireless network into an open one, allowing anyone within signal range to connect.

Do I need to be logged into the router for this to happen?

No. The vulnerability does not require an attacker to have any existing credentials or an active administrative session. Simply interacting with the specific vulnerable endpoint on the router's web interface is sufficient to trigger the security change. Regular, non-malicious use of the internet or standard web browsing does not trigger this issue.

Is my Tenda AC6 router at risk if it is behind another modem?

Halo Surface Signal notes that while routers are often placed behind modems, they function as the edge gateway. If the router's management interface is reachable from the network—either locally or through misconfiguration via the WAN—it remains potentially accessible to attackers. You should consider the risk based on where the device sits in your network topology.

When should I take action for this Tenda vulnerability?

You should prioritize assessing your environment immediately. Start by identifying all Tenda AC6 devices in your inventory to determine their current firmware version. Once identified, consult the manufacturer for official updates and coordinate with your network or infrastructure team to apply necessary patches or implement access restrictions to secure the device.

References