| Title | Tenda AC21 V16.03.08.16 Missing Critical Step in Authentication |
|---|---|
| Description | Tenda AC21 V16.03.08.16 is susceptible to an Unauthenticated Firmware Download vulnerability. This flaw stems from a design deficiency in the Web management interface. The /cgi-bin/DownloadFlash path fails to implement any Authentication or Authorization checks when handling HTTP requests. A remote attacker can bypass the login process entirely (no username or password required) and induce the device to export the full binary image of the physical Flash memory by directly accessing this path. This image typically contains the complete operating system filesystem, kernel, bootloader, and sensitive configuration data (such as account hashes, hardcoded credentials, private keys, etc.). |
| Source | ⚠️ https://github.com/master-abc/cve/issues/27 |
| User | jiefengliang (UID 93721) |
| Submission | 2026-01-27 18:07 (3 months ago) |
| Moderation | 2026-02-07 08:51 (11 days later) |
| Status | Accepted |
| VulDB entry | 344850 [Tenda AC21 16.03.08.16 Web Management Interface /cgi-bin/DownloadFlash information disclosure] |
| Points | 20 |