Tenda 4G03 Pro Authentication Bypass Vulnerability Allowing Access to Sensitive Management Endpoints
Vulnerability
An authentication bypass vulnerability has been identified in the Tenda 4G03 Pro router, affecting versions through 1.0, 1.1, and 04.03.01.53. The issue arises in the router's HTTP server component, specifically in the file '/bin/httpd'. This vulnerability allows remote attackers to bypass authentication and access sensitive management endpoints, including one that enables OS command injection and another that exposes VPN tunnel configuration.
Impact
Exploitation of this vulnerability allows unauthorized access to sensitive management endpoints, including the ability to execute commands on the operating system level, start a telnet session as root, and manipulate VPN configurations.
Reproduction
The vulnerability can be reproduced by sending a GET request to '/goform/telnet', '/goform/ate', or '/goform/zerotier' endpoints. This can be done without any authentication on a factory-default device.
Remediation
It is recommended to implement restrictive firewall rules to block unauthorized access to the vulnerable endpoints.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.