Tenda 4G03 Pro Hard-Coded ECDSA Private Key Vulnerability
Vulnerability
A vulnerability exists in the Tenda 4G03 Pro router in versions 1.0, 1.0re, 01.bin, and 04.03.01.53. The issue arises from an unencrypted ECDSA P-256 private key that is hard-coded and embedded in plaintext within the firmware. The key is located in the file /etc/www/pem/server.key and is accessible remotely. The vulnerability allows attackers to decrypt HTTPS traffic and conduct man-in-the-middle attacks on devices running this firmware. Additionally, other private keys, which compromise the device's firmware integrity verification, were found embedded in the same firmware.
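For auditing an unpacked firmware image for this class of issue, the following added example (not part of the advisory or any vendor tooling) walks an extracted root filesystem and reports every PEM private key, marking whether it is passphrase-protected and whether it carries the P-256 curve OID. The function names are hypothetical, the firmware is assumed to be already extracted to a directory, and the sample key is constructed with an all-zero scalar so it is not a usable key.

```python
import base64, os, pathlib, re, tempfile

# DER encoding of the prime256v1 (NIST P-256) curve OID 1.2.840.10045.3.1.7
P256_OID = bytes.fromhex("06082a8648ce3d030107")
PEM_RE = re.compile(
    rb"-----BEGIN ((?:EC |RSA |ENCRYPTED )?PRIVATE KEY)-----(.*?)-----END \1-----", re.S)

def scan_firmware(root):
    """Return (relative path, PEM label, status) for each private key under root."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):  # skip dangling symlinks, device nodes
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            for label, body in PEM_RE.findall(data):
                label = label.decode()
                # Passphrase-protected: PKCS#8 encrypted form or legacy OpenSSL header
                if label.startswith("ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in body:
                    status = "encrypted"
                else:
                    try:
                        der = base64.b64decode(b"".join(body.split()))
                    except ValueError:
                        der = b""
                    status = "plaintext P-256" if P256_OID in der else "plaintext"
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, label, status))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: SEC1 ECPrivateKey with an all-zero (invalid) scalar."""
    der = bytes.fromhex("30310201010420") + bytes(32) + bytes.fromhex("a00a") + P256_OID
    pem = (b"-----BEGIN EC PRIVATE KEY-----\n" + base64.encodebytes(der)
           + b"-----END EC PRIVATE KEY-----\n")
    key = pathlib.Path(root, "etc/www/pem/server.key")
    key.parent.mkdir(parents=True)
    key.write_bytes(pem)
    pathlib.Path(root, "etc/passwd").write_bytes(b"root:x:0:0:root:/root:/bin/sh\n")

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_firmware(root)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

Any "plaintext" finding in a shipped image means every device running that image shares the same key, so the key has to be treated as public.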
Impact
Exploitation of this vulnerability allows for decryption of HTTPS traffic, enabling man-in-the-middle attacks against any device using this firmware. The hard-coded private key can be extracted and used to intercept and decrypt secure communications.
Remediation
It is recommended to apply restrictive firewalling to mitigate this vulnerability.
