Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.