Tenda D151 and D301 Routers Unauthenticated Configuration Download Vulnerability

Vulnerability

A vulnerability exists in Tenda D151 and D301 routers that allows remote attackers to download router configuration files, including admin credentials, without authentication. This is achieved by sending a request to the '/goform/getimage' endpoint.

Impact

Exploitation of this vulnerability allows for unauthorized access to router configuration files, including administrative passwords, which could lead to further exploitation of the device or network.

Reproduction

To reproduce this vulnerability, send a GET request to the '/goform/getimage' endpoint of the vulnerable router. The response will contain the router's configuration file, which includes admin credentials. This vulnerability can also be exploited by activating the Telnet service through a similar request to the '/goform/telnet' endpoint.
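
On the detection side, requests to the two endpoints named above can be flagged in access logs from a proxy or sensor placed in front of the router. The script below is an added example, not part of the original advisory; the "combined" log format, the LAN subnet, the severity labels and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Endpoints named in the advisory, mapped to what a successful request does.
WATCHED = {"/goform/getimage": "config-download", "/goform/telnet": "telnet-enable"}
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the router's LAN subnet

# Assumed input: "combined" access-log lines from a proxy or sensor in front of the router.
LINE_RE = re.compile(
    r'(?P<src>[0-9A-Fa-f:.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_hits(lines):
    """Return one record per request that touched a watched endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        # Normalise so query strings, encoding, case and trailing slashes don't hide a hit.
        path = unquote(urlsplit(m["target"]).path).rstrip("/").lower()
        kind = WATCHED.get(path)
        if kind is None:
            continue
        try:
            external = ipaddress.ip_address(m["src"]) not in LAN
        except ValueError:
            external = True  # unparseable source: treat as untrusted
        served = m["status"] == "200"
        # A served request from outside the LAN means the config or Telnet was exposed.
        severity = "high" if served and external else "medium" if served else "low"
        hits.append({"ts": m["ts"], "src": m["src"], "kind": kind, "severity": severity})
    return hits

# Constructed sample log lines (not taken from a real device).
SAMPLE = [
    '192.168.1.10 - - [21/Jan/2026:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [21/Jan/2026:10:02:13 +0000] "GET /goform/getimage HTTP/1.1" 200 18432 "-" "-"',
    '203.0.113.7 - - [21/Jan/2026:10:02:40 +0000] "GET /goform/telnet HTTP/1.1" 200 12 "-" "-"',
    '192.168.1.23 - - [21/Jan/2026:10:05:00 +0000] "GET /goform/getimage?x=1 HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(hit)
```

Any "high" hit on the config-download endpoint means the admin credentials in that configuration should be treated as disclosed and rotated.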

Added: Jan 21, 2026, 6:33 PM
Updated: Jan 21, 2026, 6:33 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 2.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.