Tenda AC6
cpe:2.3:h:tenda:ac6:*:*:*:*:*:*:*
- V5.0 V02.03.01.110
An information disclosure vulnerability exists in the Tenda AC6 router, specifically in version V5.0 V02.03.01.110. The issue is in the '/goform/getproductInfo' function: specially crafted network packets sent to it can extract sensitive information. The endpoint bypasses authentication, so attackers can access confidential data without proper credentials.
Exploitation gives unauthorized access to sensitive information, including plaintext Wi-Fi passwords, DDNS usernames and passwords, and other configuration details. The admin password is not exposed.
To reproduce this vulnerability, send a request to the '/goform/getproductInfo' endpoint on the Tenda AC6 router. The request can be made without authentication, as the endpoint bypasses the authentication checks. Once the request is sent, the router will respond with sensitive information, including the Wi-Fi password and other configuration details, in plaintext.
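One way to look for use of this endpoint, as an added example that is not from the advisory or from Tenda: the script scans HTTP request logs from a proxy or network sensor that sees traffic to the router's web interface and reports every source that requested '/goform/getproductInfo'. The Common Log Format input, the sample lines, the addresses and the `allowed_sources` set are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint named in the advisory, lowercased for comparison.
ENDPOINT = "/goform/getproductinfo"

# Assumed input: Common Log Format lines from a proxy or network sensor.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (not captured traffic).
SAMPLE_LOG = [
    '192.168.0.23 - - [12/Mar/2024:10:01:07 +0000] "GET /goform/getproductInfo HTTP/1.1" 200 812',
    '192.168.0.23 - - [12/Mar/2024:10:01:09 +0000] "GET /goform/getproductInfo?x=1 HTTP/1.1" 200 812',
    '192.168.0.50 - - [12/Mar/2024:10:02:00 +0000] "GET //goform/getproductInfo/ HTTP/1.1" 404 0',
    '192.168.0.10 - - [12/Mar/2024:10:03:00 +0000] "GET /goform/getproductInfo HTTP/1.1" 200 812',
    '192.168.0.77 - - [12/Mar/2024:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

def normalize_path(target):
    """Reduce a request target to a comparable path. Matching is deliberately
    loose (case-insensitive, decoded) so that spelling variants are not missed."""
    path = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://[^/]*", "", target)  # absolute-form target
    path = path.split("?", 1)[0].split("#", 1)[0]                   # drop query and fragment
    path = re.sub(r"/{2,}", "/", unquote(path))                     # decode, collapse slashes
    return path.rstrip("/").lower()

def find_hits(lines, allowed_sources=frozenset()):
    """Map each source address outside allowed_sources to its requests for the
    endpoint as (timestamp, answered); answered means 200 with a non-empty body."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != ENDPOINT:
            continue
        if m["src"] in allowed_sources:
            continue
        answered = m["status"] == "200" and m["size"] not in ("-", "0")
        hits[m["src"]].append((m["ts"], answered))
    return dict(hits)

if __name__ == "__main__":
    # 192.168.0.10 stands in for a known management host (hypothetical).
    for src, events in find_hits(SAMPLE_LOG, {"192.168.0.10"}).items():
        for ts, answered in events:
            print(src, ts, "data returned" if answered else "no data returned")
```

A source with an answered request should be treated as having read the Wi-Fi and DDNS credentials described above, so those credentials need to be rotated.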