📄 Description (English)
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication.
🤖 AI Executive Summary
Tenda D151 and D301 routers contain a critical unauthenticated configuration download vulnerability (CVE-2021-47802) allowing remote attackers to retrieve sensitive router configurations including admin credentials without authentication. The vulnerability is exploitable via the /goform/getimage endpoint and poses immediate risk to organizations using these devices for network access. With exploit code publicly available and widespread deployment in Saudi networks, this requires urgent patching across all affected devices.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 1, 2026 13:57
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi organizations across multiple sectors. Banking and financial institutions using Tenda routers for branch connectivity face credential compromise and potential lateral movement into banking networks. Government agencies and NCA-regulated entities risk exposure of network configurations and administrative access. Telecommunications providers (STC, Mobily, Zain) and ISPs using these devices for customer premises equipment face widespread customer network compromise. Healthcare facilities and ARAMCO energy sector operations could experience network access loss and data exfiltration. Small and medium enterprises throughout Saudi Arabia commonly deploy Tenda routers, making this a widespread vulnerability affecting critical infrastructure access points.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Telecommunications
Healthcare
Energy and Utilities
Small and Medium Enterprises
Education
Retail and E-commerce
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Tenda D151 and D301 devices in your network using network scanning tools and device inventory systems
2. Isolate affected devices from production networks if patching cannot be completed within 24 hours
3. Change all router admin credentials immediately and document new passwords in secure vault
4. Review router access logs for unauthorized /goform/getimage requests (check last 30 days minimum)
PATCHING GUIDANCE:
1. Download latest firmware from Tenda official website (verify digital signatures)
2. Apply firmware updates during maintenance windows with change management approval
3. Test updates in lab environment before production deployment
4. Maintain backup of current configuration before patching
COMPENSATING CONTROLS (if patching delayed):
1. Implement network-level access controls blocking /goform/getimage endpoint
2. Restrict router management access to specific IP ranges using firewall rules
3. Deploy WAF rules to block requests to /goform/getimage from untrusted sources
4. Enable router access logging and monitor for suspicious configuration download attempts
5. Implement network segmentation isolating router management traffic
DETECTION RULES:
1. Monitor for HTTP GET/POST requests to /goform/getimage endpoint
2. Alert on configuration file downloads from router management interfaces
3. Track failed and successful authentication attempts to router admin interfaces
4. Monitor for unusual outbound connections from router devices
5. Implement IDS signatures detecting Tenda D151/D301 exploitation patterns
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Tenda D151 و D301 في شبكتك باستخدام أدوات المسح والجرد
2. عزل الأجهزة المتأثرة عن شبكات الإنتاج إذا لم يتمكن من التصحيح خلال 24 ساعة
3. تغيير بيانات اعتماد مسؤول الجهاز فوراً وتوثيق كلمات المرور الجديدة
4. مراجعة سجلات وصول الجهاز للطلبات غير المصرح بها (تحقق من آخر 30 يوم على الأقل)
إرشادات التصحيح:
1. تحميل أحدث البرامج الثابتة من موقع Tenda الرسمي (التحقق من التوقيعات الرقمية)
2. تطبيق تحديثات البرامج الثابتة خلال نوافذ الصيانة
3. اختبار التحديثات في بيئة المختبر قبل النشر في الإنتاج
4. الاحتفاظ بنسخة احتياطية من الإعدادات الحالية قبل التصحيح
الضوابط البديلة (إذا تأخر التصحيح):
1. تطبيق ضوابط الوصول على مستوى الشبكة لحظر نقطة النهاية /goform/getimage
2. تقييد وصول إدارة الجهاز إلى نطاقات IP محددة
3. نشر قواعد WAF لحظر الطلبات إلى /goform/getimage
4. تفعيل تسجيل وصول الجهاز ومراقبة محاولات التحميل المريبة
5. تطبيق تقسيم الشبكة لعزل حركة إدارة الجهاز
قواعد الكشف:
1. مراقبة طلبات HTTP إلى نقطة النهاية /goform/getimage
2. تنبيهات على تحميلات ملفات الإعدادات من واجهات إدارة الجهاز
3. تتبع محاولات المصادقة الفاشلة والناجحة
4. مراقبة الاتصالات الخارجية غير العادية من أجهزة التوجيه
5. تطبيق توقيعات IDS للكشف عن أنماط الاستغلال
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1.1 - User access control and authentication
ECC 2024 A.8.2.1 - Secure authentication mechanisms
ECC 2024 A.8.3.1 - Access rights management
ECC 2024 A.13.1.1 - Network security perimeter
ECC 2024 A.13.1.3 - Segregation of networks
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Hardware and software assets are inventoried
SAMA CSF PR.AC-1 - Identities and credentials are issued and managed
SAMA CSF PR.AC-4 - Access rights are managed
SAMA CSF PR.PT-1 - Devices and software are kept up to date
SAMA CSF DE.CM-1 - The network is monitored for unauthorized connections
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access control
ISO 27001:2022 A.8.1 - User endpoint devices
ISO 27001:2022 A.8.2 - Privileged access rights
ISO 27001:2022 A.8.6 - Access control for change of user privileges
ISO 27001:2022 A.14.2 - Secure development policy
🟣 PCI DSS v4.0.1
PCI DSS 1.2.1 - Configuration standards for network devices
PCI DSS 2.1 - Always change vendor-supplied defaults
PCI DSS 6.2 - Security patches installation
PCI DSS 8.1 - User identification and authentication
PCI DSS 10.2 - Implement automated audit trails
📦 Affected Products / CPE 2 entries
tenda:d151_firmware:-
tenda:d301_firmware:-