Tenda F453 Router Command Injection Vulnerability in Telnet Service

A command injection vulnerability has been identified in the Tenda F453 router, affecting firmware versions through 1.0.0.3. The issue arises in the Telnet service component, specifically within the TendaTelnet function of the /goform/telnet file. This vulnerability allows remote attackers to inject commands by exploiting the lack of proper access control and input validation. Once the Telnet service is enabled, attackers can gain interactive shell access and execute arbitrary commands on the device.

Impact

Exploitation of this vulnerability allows for remote command execution on the affected router, with the potential to abuse the device for persistence, configuration changes, or lateral movement within the network.

Reproduction

To reproduce this vulnerability, send a POST request to the /goform/telnet endpoint without any authentication. This request will trigger the TendaTelnet function, which executes system commands to enable the Telnet service. Once Telnet is activated, an interactive shell can be accessed on the router, allowing for arbitrary command execution.

Remediation

It is recommended to remove or restrict access to the /goform/telnet endpoint, add authentication and authorization checks to the TendaTelnet function, and avoid directly executing system commands to manage service states. Additionally, all web management endpoints should include input validation, authentication, and audit logging. Users should upgrade to a patched firmware version as soon as it is available.