Skip to main content

Tdc X401gl Firmware CVE-2026-22918

MEDIUM
Improper Restriction of Rendered UI Layers or Frames (CWE-1021)
2026-01-15 psirt@sick.de
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 15, 2026 - 13:16 nvd
MEDIUM 4.3

DescriptionCVE.org

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.

AnalysisAI

Tdc X401gl firmware lacks clickjacking protections, allowing remote attackers to deceive users into executing unintended actions on maliciously crafted pages. An attacker could leverage this vulnerability to trick users into divulging sensitive information or modifying device settings without their knowledge or consent.

Technical ContextAI

Classified as CWE-1021 (Improper Restriction of Rendered UI Layers or Frames). Affects Tdc-X401Gl Firmware. An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2026-22907 CRITICAL
9.9 Jan 15

Container management vulnerability allows authenticated users to escape to the host filesystem with read/write access. C

CVE-2026-22908 CRITICAL
9.1 Jan 15

Uploading unvalidated container images enables remote attackers with admin access to achieve full system compromise thro

CVE-2026-22909 HIGH
7.5 Jan 15

TDC X401gl devices with unpatched firmware lack proper authorization controls for critical system functions, enabling un

CVE-2026-22910 HIGH
7.5 Jan 15

TDC X401GL firmware contains hardcoded default credentials for privileged user accounts, enabling unauthenticated attack

CVE-2026-22911 MEDIUM
5.3 Jan 15

TDC X401GL firmware updates contain hardcoded password hashes for system accounts that are accessible to unauthenticated

CVE-2026-22917 MEDIUM
4.3 Jan 15

Denial of service conditions in TDC X401GL firmware can be triggered by authenticated network attackers through improper

CVE-2026-22912 MEDIUM
4.3 Jan 15

Insufficient validation of login parameters in TDC X401gl Firmware enables open redirect attacks that can redirect authe

CVE-2026-22916 MEDIUM
4.3 Jan 15

TDC X401GL firmware lacks proper authorization controls on privileged operations, allowing authenticated users to trigge

CVE-2026-22915 MEDIUM
4.3 Jan 15

Tdc X401gl Firmware contains an information disclosure vulnerability that allows authenticated attackers to access files

CVE-2026-22913 MEDIUM
4.3 Jan 15

TDC X401GL firmware contains a reflected cross-site scripting vulnerability in URL parameter handling that allows unauth

CVE-2026-22914 MEDIUM
4.3 Jan 15

TDC X401GL devices allow authenticated users to write files to restricted locations due to insufficient access controls,

CVE-2026-22919 LOW
3.8 Jan 15

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site

Share

CVE-2026-22918 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy