Details of VAR-202601-2437

ID

VAR-202601-2437

CVE

CVE-2021-47802

TITLE

Shenzhen Tenda Technology Co.,Ltd. of D151 Vulnerabilities related to the lack of authentication for important functions in multiple products, including

Trust: 0.8

sources: JVNDB: JVNDB-2026-002627

DESCRIPTION

Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2021-47802 // JVNDB: JVNDB-2026-002627

AFFECTED PRODUCTS

vendor:	tenda	model:	d301	scope:	eq	version:	-	Trust: 1.8
vendor:	tenda	model:	d151	scope:	eq	version:	-	Trust: 1.0
vendor:	tenda	model:	d151	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-002627 // NVD: CVE-2021-47802

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com:	CVE-2021-47802
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-002627
value:	HIGH
Trust: 0.8

disclosure@vulncheck.com:	CVE-2021-47802
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-002627
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-002627 // NVD: CVE-2021-47802

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Lack of authentication for critical features (CWE-306) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-002627 // NVD: CVE-2021-47802

EXTERNAL IDS

db:	NVD	id:	CVE-2021-47802	Trust: 2.6
db:	EXPLOIT-DB	id:	49782	Trust: 1.8
db:	JVNDB	id:	JVNDB-2026-002627	Trust: 0.8

sources: JVNDB: JVNDB-2026-002627 // NVD: CVE-2021-47802

REFERENCES

url:	https://www.tendacn.com/us/	Trust: 1.8
url:	https://www.exploit-db.com/exploits/49782	Trust: 1.8
url:	https://www.vulncheck.com/advisories/tenda-d-d-configuration-download	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-47802	Trust: 0.8

sources: JVNDB: JVNDB-2026-002627 // NVD: CVE-2021-47802

SOURCES

db:	JVNDB	id:	JVNDB-2026-002627
db:	NVD	id:	CVE-2021-47802

LAST UPDATE DATE

2026-02-12T23:39:56.036000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-002627	date:	2026-02-04T09:42:00
db:	NVD	id:	CVE-2021-47802	date:	2026-02-02T17:44:40.993

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-002627	date:	2026-02-04T00:00:00
db:	NVD	id:	CVE-2021-47802	date:	2026-01-21T18:16:09.423