Submission #592074: Tenda TDSEE mobile application 1.7.12 Authorization Bypass

Title: Tenda TDSEE mobile application 1.7.12 Authorization Bypass
Description: In the TDSEE app, I found there was no rate limit in the confirmation code requests in the password reset functionality, resulting in account takeover. Knowing the victim’s email, the attacker could change the account password by going through the 6-digit password reset confirmation code. In the application version 1.7.15, the vendor released a patch, setting a limit on the number of requests per second. Sources: https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/ https://github.com/k3vg3n/researches/blob/main/Account_takeover_in_TDSEE_app.md
Source: https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/
User: k3vg3n (UID 86142)
Submission: 06/06/2025 07:44 PM (11 months ago)
Moderation: 08/06/2025 03:30 PM (2 days later)
Status: Accepted
VulDB entry: 311623 [Tenda TDSEE App up to 1.7.12 Password Reset Confirmation Code /app/ConfirmSmsCode information disclosure]
Points: 20