What is the CVSS score of CVE-2021-47802?

CVE-2021-47802 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.5%.

Which versions of D151 Firmware are affected by CVE-2021-47802?

CVE-2021-47802 presents notable security risk, a missing authentication vulnerability rated CVSS 7.5.

Is there a public PoC exploit available for CVE-2021-47802?

Yes, a public proof-of-concept exploit is available for CVE-2021-47802. Prioritise patching immediately. EPSS: 0.5%.

How to fix or mitigate CVE-2021-47802?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Audit authentication configurations and rotate any potentially compromised credentials.

D151 Firmware CVE-2021-47802

HIGH

Missing Authentication for Critical Function (CWE-306)

2026-01-21 disclosure@vulncheck.com

Authentication Bypass D151 Firmware D301 Firmware

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 02, 2026 - 17:44 vuln.today

Public exploit code

CVE Published

Jan 21, 2026 - 18:16 nvd

HIGH 7.5

DescriptionCVE.org

Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication.

AnalysisAI

D151 Firmware versions up to - is affected by missing authentication for critical function (CVSS 7.5).

Technical ContextAI

This vulnerability (CWE-306: Missing Authentication for Critical Function) affects D151 Firmware. Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2021-47802 vulnerability details – vuln.today

Back

D151 Firmware CVE-2021-47802

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code