Main Vulnerability Database Vulnerabilities #VU114328

#VU114328 Cleartext transmission of sensitive information in AC6 v5.0 AC1200 - CVE-2025-31646

Published: August 21, 2025

Vulnerability identifier: #VU114328

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-31646

CWE-ID: CWE-319

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
AC6 v5.0 AC1200

Software vendor:
Shenzhen Tenda Technology Co.,Ltd.

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information in the Session Authentication Cookie functionality. A remote attacker with ability to intercept network traffic can gain access to sensitive data and bypass authentication on the target device.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2167

#VU114328 Cleartext transmission of sensitive information in AC6 v5.0 AC1200 - CVE-2025-31646

Description

Remediation

External links

Please verify you're human