Tellion HN-2204AP Router Unauthenticated Configuration Disclosure Vulnerability

A vulnerability allowing unauthenticated configuration disclosure has been identified in Tellion HN-2204AP routers. The issue resides in the '/cgi-bin/system_config_file' management endpoint, which permits remote retrieval of a compressed configuration archive without requiring authentication or authorization. This exposed configuration may contain sensitive information such as administrative credentials, wireless keys, and other critical settings, potentially enabling further compromise of the device or network.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive configuration information, including administrative credentials and wireless keys, which could be used to compromise the device or network.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/cgi-bin/system_config_file' endpoint without authentication. The request should include a payload that specifies the desired configuration file. The response will contain the requested configuration archive, which can be extracted to reveal sensitive information.