CVE-2021-47802 – This vulnerability allows remote attackers to d... (How to Fix)

Q: What is the severity of CVE-2021-47802?

CVE-2021-47802 has a CVSS score of 7.5 (HIGH). This vulnerability allows remote attackers to download router configuration files without authentication on Tenda D151 and D301 routers. Attackers can retrieve admin credentials and other sensitive data by sending a request to the /goform/getimage endpoint. Users of these specific router models are affected.

📋 TL;DR

This vulnerability allows remote attackers to download router configuration files without authentication on Tenda D151 and D301 routers. Attackers can retrieve admin credentials and other sensitive data by sending a request to the /goform/getimage endpoint. Users of these specific router models are affected.

💻 Affected Systems

Products:

Tenda D151
Tenda D301

Versions: All versions prior to patched firmware (specific version unknown from provided data)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: This affects the default configuration of these routers, as the vulnerable endpoint is accessible without authentication by design.

📦 What is this software?

D151 Firmware by Tenda

View all CVEs affecting D151 Firmware →

D301 Firmware by Tenda

View all CVEs affecting D301 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full administrative access to the router, enabling them to reconfigure settings, intercept network traffic, or launch further attacks on connected devices.

🟠

Likely Case

Attackers steal admin credentials and compromise the router's security, potentially leading to unauthorized network access or data theft.

🟢

If Mitigated

If routers are not internet-facing and have strong network segmentation, impact is limited to internal attackers, reducing overall risk.

🌐 Internet-Facing: HIGH, as the exploit is unauthenticated and can be performed remotely over the internet, exposing routers directly accessible from the web.

🏢 Internal Only: MEDIUM, as internal attackers could still exploit this if they have network access, but it requires being on the same local network.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available on Exploit-DB, making it easy for attackers to use with minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown specific version; check Tenda vendor updates

Vendor Advisory: https://www.tendacn.com/us/

Restart Required: Yes

Instructions:

1. Visit the Tenda support website. 2. Download the latest firmware for your router model. 3. Log into the router admin panel. 4. Navigate to firmware upgrade section. 5. Upload and apply the new firmware. 6. Reboot the router after update.

🔧 Temporary Workarounds

Block External Access

linux

Prevent internet access to the router's admin interface by disabling remote management or using firewall rules.

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Change Admin Credentials

all

Immediately change router admin passwords to reduce risk if credentials are exposed, though this does not fix the underlying vulnerability.

🧯 If You Can't Patch

Isolate the router on a segmented network to limit exposure to internal threats.
Monitor network traffic for unauthorized access attempts to the /goform/getimage endpoint.

🔍 How to Verify

Check if Vulnerable:

Send a GET request to http://[router-ip]/goform/getimage and check if it returns configuration data without authentication.

Check Version:

Log into router admin panel and check firmware version in system settings, or use curl -s http://[router-ip]/ | grep -i version

Verify Fix Applied:

After patching, attempt the same request; it should return an error or require authentication.

📡 Detection & Monitoring

Log Indicators:

Unusual access logs showing requests to /goform/getimage from unauthorized IPs

Network Indicators:

HTTP traffic to router IP on port 80/443 with GET /goform/getimage

SIEM Query:

source="router_logs" AND url="/goform/getimage" AND user="-"

📊 Metadata

CVE ID: CVE-2021-47802

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-306

EPSS Score: 0.25% exploit probability (47.5th percentile)

Published: January 21, 2026

Last Updated: February 2, 2026

🔗 References

https://www.exploit-db.com/exploits/49782 Exploit
https://www.tendacn.com/us/ Product
https://www.vulncheck.com/advisories/tenda-d-d-configuration-download Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47802, you might also want to check these: