| 제목 | Tenda AC21 V16.03.08.16 Missing Critical Step in Authentication |
|---|
| 설명 | Tenda AC21 V16.03.08.16 is susceptible to an Unauthenticated Firmware Download vulnerability. This flaw stems from a design deficiency in the Web management interface. The /cgi-bin/DownloadFlash path fails to implement any Authentication or Authorization checks when handling HTTP requests.
A remote attacker can bypass the login process entirely (no username or password required) and induce the device to export the full binary image of the physical Flash memory by directly accessing this path. This image typically contains the complete operating system filesystem, kernel, bootloader, and sensitive configuration data (such as account hashes, hardcoded credentials, private keys, etc.). |
|---|
| 원천 | ⚠️ https://github.com/master-abc/cve/issues/27 |
|---|
| 사용자 | jiefengliang (UID 93721) |
|---|
| 제출 | 2026. 01. 27. PM 06:07 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 07. AM 08:51 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 344850 [Tenda AC21 16.03.08.16 Web Management Interface /cgi-bin/DownloadFlash 정보 공개] |
|---|
| 포인트들 | 20 |
|---|