Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configurat...
Description
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: NoteBurner
PRODUCT: Multiple Products
AFFECTED_VERSIONS: 2.35
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field, allowing attackers to trigger an application crash via a 6000-byte payload.
Executive Summary:
A critical buffer overflow vulnerability in NoteBurner 2.35 allows unauthenticated attackers to cause an application crash through malicious input.
Vulnerability Details
CVE-ID: CVE-2021-47798
Affected Software: NoteBurner Multiple Products
Affected Versions: 2.35
Vulnerability: This is a buffer overflow vulnerability triggered by injecting an oversized 6000-byte payload into the application's 'Name' and 'Code' license fields. The vulnerability can be exploited by an unauthenticated attacker to destabilize the application.
Business Impact
The CVSS score of 9.8 reflects the high potential for service disruption. While the current impact is limited to application crashes, such vulnerabilities can sometimes be leveraged for arbitrary code execution, leading to potential system compromise or data loss.
Remediation Plan
Immediate Action: Update to the latest available version of the NoteBurner software as specified by the vendor's security advisory.
Proactive Monitoring: Review application logs for unexpected crashes or error patterns coinciding with license registration attempts.
Compensating Controls: Restrict access to the application's registration interface if possible, and ensure the host system is protected by endpoint security solutions.
Exploitation Status
Public Exploit Available: None
Analyst Notes: As of Jan 16, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical severity score, administrators should prioritize updating affected NoteBurner installations immediately. Failure to patch leaves the application susceptible to denial-of-service attacks that could impact operational continuity.