Executive Summary

This vulnerability affects Tenda D151 and D301 routers, allowing unauthenticated remote attackers to download the router's configuration file by sending a request to the /goform/getimage endpoint. The configuration file contains sensitive information such as admin credentials, which are base64-encoded and can be decoded. Additionally, attackers can activate the Telnet service remotely via the /goform/telnet endpoint, potentially enabling further unauthorized access. The configuration data is compressed with a custom LZW-like scheme, but an exploit script can decompress and extract the sensitive information without authentication. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts as it allows attackers to remotely obtain the router's admin credentials without any authentication, leading to unauthorized control over the device. Attackers can also enable the Telnet service remotely, which may allow them to execute commands or further compromise the network. This can result in loss of network confidentiality, unauthorized configuration changes, and potential network takeover. [1]

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by sending an unauthenticated HTTP GET request to the endpoint /goform/getimage on the router's IP address. For example, using curl: curl http://<router-ip>/goform/getimage If the router responds with a compressed configuration file, it indicates the vulnerability is present. Additionally, checking if the Telnet service can be activated remotely by requesting /goform/telnet can also indicate exploitation. The retrieved configuration file can be decoded using a custom decompression script as described in the exploit details. [1]

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows unauthenticated remote attackers to download router configuration files containing sensitive information such as admin credentials. Exposure of such sensitive data can lead to unauthorized access and potential data breaches, which may violate data protection requirements under standards like GDPR and HIPAA. Therefore, this vulnerability negatively impacts compliance by increasing the risk of unauthorized data disclosure and access. [1]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability immediately, you should: 1) Restrict remote access to the router's management interface to trusted networks only, preventing external access to the /goform/getimage and /goform/telnet endpoints. 2) Disable or block access to the Telnet service if it is enabled or can be activated remotely. 3) Change the router's admin credentials after ensuring the device is secure. 4) Monitor network traffic for suspicious requests targeting the vulnerable endpoints. 5) Check for and apply any firmware updates or patches provided by the vendor to fix this vulnerability. If no patch is available, consider replacing the device or isolating it from untrusted networks until a fix is applied. [1]

Useful 0 Not Useful 0