Tenda W15e Enterprise Router Routercfm Cfg Configuration File Leak Vulnerability
Tenda W15e Enterprise Router Routercfm Cfg Configuration File Leak Vulnerability
Tenda W15E enterprise router RouterCfm.cfg configuration file leak vulnerability
Vulnerability Description
Tenda enterprise-grade router RouterCfm.cfg configuration file can be read without authorization, resulting in leaks of sensitive information such as account passwords.
Vulnerability Impact
Tenda enterprise-grade router
Network surveying and mapping
title==”Tenda | Login” && country=”CN”
Vulnerability reappears
Login page
Access path
1
/cgi-bin/DownloadCfg/RouterCfm.cfg
The backend account password is located in the parameter sys.userpass character after decryption of base64
This post is licensed under CC BY 4.0 by the author.