admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 12:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/Tenda W15E企业级路由器 RouterCfm.cfg 配置文件泄漏漏洞.md
Threekiii 11de4c1d47 update
2024-11-06 14:10:36 +08:00

29 lines
616 B
Markdown
Raw Blame History

# Tenda W15E企业级路由器 RouterCfm.cfg 配置文件泄漏漏洞
## 漏洞描述
Tenda 企业级路由器 RouterCfm.cfg 配置文件可在未授权的情况下被读取,导致账号密码等敏感信息泄漏
## 漏洞影响
```
Tenda 企业级路由器
```
## 网络测绘
```
title=="Tenda | Login" && country="CN"
```
## 漏洞复现
登录页面
![image-20220519181331832](images/202205191813876.png)
访问路径![image-20220519181508329](images/202205191815422.png)
后台账号密码位于参数 `sys.userpass` base64解密后的字符
![image-20220519181456848](images/202205191814923.png)
Reference in New Issue View Git Blame Copy Permalink