Описание
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication.
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:tenda:d151_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:d151:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:tenda:d301_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:d301:-:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00245
Низкий
7.5 High
CVSS3
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 7.5
github
17 дней назад
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication.
EPSS
Процентиль: 47%
0.00245
Низкий
7.5 High
CVSS3
Дефекты
CWE-306