Tenda i3 Path Traversal Vulnerability in HTTP R7WebsSecurityHandler
Vulnerability
A path traversal vulnerability has been identified in the Tenda i3 router, specifically in the firmware version 1.0.0.6(2204). The issue arises in the R7WebsSecurityHandler function, which is responsible for filtering HTTP requests. The vulnerability allows remote attackers to bypass authentication and access sensitive files by exploiting the application's failure to properly validate or canonicalize URL paths. By sending a crafted HTTP request that includes directory traversal sequences, attackers can escape restricted directories and gain unauthorized access to administrative functions.
Impact
Exploitation of this vulnerability allows for unauthorized access to sensitive files and administrative functions on the router.
Reproduction
To reproduce this vulnerability, send an HTTP request to the router's web server that includes a whitelisted URL prefix, such as '/lang/', followed by directory traversal sequences ('../') to access restricted files. For example, a request to '/lang/../system_upgrade.asp' will bypass authentication and grant access to the administrative upgrade page.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.