Jhx-Ui

**Name of the Vulnerable Software and Affected Versions** Tenda W15E version V02.03.01.26 cn **Description** An incorrect access control issue exists that allows an unauthenticated attacker to access the `/cgi-bin/DownloadCfg/RouterCfm.jpg` endpoint. This access enables the download of the configuration file, which contains administrator credentials in plaintext. Successful exploitation can lead to sensitive information disclosure and potential remote administrative access. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/cgi-bin/DownloadCfg/RouterCfm.jpg` endpoint.