Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tenda D151 & D301 - Configuration Download
Vulnerability Description
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Tenda D301和Tenda D151 访问控制错误漏洞
Vulnerability Description
Tenda D301和Tenda D151都是中国腾达(Tenda)公司的产品。Tenda D301是一款无线路由器。Tenda D151是一个无线路由器。 Tenda D301和Tenda D151存在访问控制错误漏洞,该漏洞源于/goform/getimage端点存在未经身份验证的配置下载,可能导致检索包含管理员凭据的配置文件。
CVSS Information
N/A
Vulnerability Type
N/A