Vulnerability Description

Vendor: Tenda

Product: AC10

Version: US_AC10V4.0si_V16.03.10.09_multi_TDE01

Type: Misconfig

Firmware link: https://www.tendacn.com/material/show/104560

Vulnerability Details

The Tenda AC10 V4.0 (Hardware Revision 4.0) running firmware version V16.03.10.09 contains improper access controls on the /goform/ate endpoint within its web management interface.


This endpoint is intended to enable the ate binary — a remote system management/debugging interface — but lacks authentication enforcement. An unauthenticated remote attacker can trigger this endpoint directly, enabling ate and potentially gaining unauthorized access to low-level system functions or sensitive configurations. This vulnerability facilitates unauthorized access to privileged operations and significantly increases the router's attack surface.

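/* Decompiled handler for /goform/ate */
int __fastcall TendaAte(_DWORD *a1)
{
  /* No session or credential check on the request (a1) precedes this point. */
  if ( !proc_check_app(&unk_4FF090) )
  {
    /* Starts the ate binary in the background for any caller. */
    doSystemCmd("ate &");
    sleep(1u);
  }
  websWrite((int)a1, "load mfg success.");
  return websDone(a1, 200);
}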
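
The missing check in the handler above, modelled next to a hardened variant. This is an added example, not Tenda's code or the original author's. The request struct, the session token, the factory_mode flag and every function name are hypothetical stand-ins for firmware internals that the page does not show.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for firmware state; none of these names are Tenda's. */
struct request { const char *session_token; };   /* NULL: client sent no cookie */
static const char *admin_session = "constructed-admin-token";
static bool ate_running;
static int ate_launches;

static void reset_state(void) { ate_running = false; ate_launches = 0; }
static void launch_ate(void) { ate_running = true; ate_launches++; } /* models doSystemCmd("ate &") */

/* Compare tokens without stopping at the first mismatching byte. */
static bool token_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Behaviour of the handler on the page: any caller starts ate. */
int ate_handler_original(const struct request *req) {
    (void)req;
    if (!ate_running) launch_ate();
    return 200;
}

/* Hardened variant: hidden outside factory mode, session-gated inside it. */
int ate_handler_hardened(const struct request *req, bool factory_mode) {
    if (!factory_mode)
        return 404;                       /* production units expose nothing */
    if (!req->session_token || !token_equal(req->session_token, admin_session))
        return 401;                       /* reject before any side effect */
    if (!ate_running) launch_ate();
    return 200;
}

int main(void) {
    struct request anon = { NULL };
    reset_state();
    int status = ate_handler_original(&anon);
    printf("original, no session: %d, launches=%d\n", status, ate_launches);
    reset_state();
    status = ate_handler_hardened(&anon, true);
    printf("hardened, no session: %d, launches=%d\n", status, ate_launches);
    return 0;
}
```

The ordering is the point: both rejections return before launch_ate() is reached, so a refused request leaves no process behind.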