Benchaliah

**Name of the Vulnerable Software and Affected Versions** Tenda D151 routers (affected versions not specified) Tenda D301 routers (affected versions not specified) **Description** Remote attackers can retrieve router configuration files from Tenda D151 and D301 routers without authentication. This is possible by sending a request to the `/goform/getimage` API endpoint. The configuration data downloaded may include admin credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.