CVE-2023-29680 in N301
Summary
by MITRE • 05/02/2023
Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 12/12/2025
The vulnerability CVE-2023-29680 represents a critical security flaw in Tenda N301 routers running firmware version v12.02.01.61_multi where the authentication password is transmitted in cleartext within the set-cookie header. This issue affects both local area network and wireless local area network environments, creating a significant attack surface for authenticated adversaries who can intercept communications and extract sensitive credentials. The vulnerability specifically targets the ecos_pw cookie value which contains the administrative password, making it susceptible to man-in-the-middle attacks and packet sniffing operations.
This flaw constitutes a direct violation of security best practices and can be categorized under CWE-312 Cleartext Storage of Sensitive Information and CWE-319 Cleartext Transmission of Sensitive Information within the Common Weakness Enumeration framework. The vulnerability enables attackers to capture network traffic using standard packet sniffing tools and extract the administrative password from the set-cookie header, which is transmitted without encryption or proper authentication mechanisms. The affected device configuration allows for unauthorized access to router administrative functions once the password is obtained, potentially leading to complete system compromise and unauthorized network control.
The operational impact of this vulnerability extends beyond simple credential theft, as it provides attackers with persistent administrative access to the router's management interface. An authenticated attacker on the local network can exploit this weakness to gain full control over router configurations, modify network settings, implement malicious configurations, and potentially establish persistent backdoors. The attack vector requires only local network access, making it particularly dangerous as it can be exploited by attackers who have physical or network access to the same network segment as the vulnerable router. This vulnerability directly maps to attack techniques within the MITRE ATT&CK framework under T1566 Credential Access and T1071.004 Application Layer Protocol.
Mitigation strategies for CVE-2023-29680 should prioritize immediate firmware updates from Tenda to address the cleartext transmission issue. Network administrators should implement additional security controls including network segmentation, firewall rules to restrict administrative access, and the deployment of network monitoring tools to detect unusual cookie transmission patterns. The implementation of encrypted management protocols such as HTTPS with proper certificate validation should be enforced, and administrators should regularly audit router configurations to ensure secure transmission of sensitive data. Organizations should also consider implementing network access controls and mandatory access controls to limit the impact of credential compromise. Regular security assessments and vulnerability scanning should be conducted to identify similar cleartext transmission issues in other network devices within the infrastructure.