| عنوان | Tenda AC21 V16.03.08.16 Missing Critical Step in Authentication |
|---|
| الوصف | Tenda AC21 V16.03.08.16 is susceptible to an Unauthenticated Firmware Download vulnerability. This flaw stems from a design deficiency in the Web management interface. The /cgi-bin/DownloadFlash path fails to implement any Authentication or Authorization checks when handling HTTP requests.
A remote attacker can bypass the login process entirely (no username or password required) and induce the device to export the full binary image of the physical Flash memory by directly accessing this path. This image typically contains the complete operating system filesystem, kernel, bootloader, and sensitive configuration data (such as account hashes, hardcoded credentials, private keys, etc.). |
|---|
| المصدر | ⚠️ https://github.com/master-abc/cve/issues/27 |
|---|
| المستخدم | jiefengliang (UID 93721) |
|---|
| ارسال | 27/01/2026 06:07 PM (3 أشهر منذ) |
|---|
| الاعتدال | 07/02/2026 08:51 AM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 344850 [Tenda AC21 16.03.08.16 Web Management Interface /cgi-bin/DownloadFlash الكشف عن المعلومات] |
|---|
| النقاط | 20 |
|---|