CRITICAL🇬🇧 English

CVE-2020-35391

CVSS 9.6v3.1pub. 2021-01-01upd. 2024-11-21

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Tenda F3

    HW
    Tenda
    wszystkie wersje
  • Tenda F3 Firmware

    OS
    Tenda
    12.01.01.48
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-27514HIGH7.1ten sam produkt

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulner...

CVE-2026-27511MEDIUM5.1ten sam produkt

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web...

CVE-2026-27512MEDIUM5.1ten sam produkt

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability ...

CVE-2026-27513MEDIUM5.1ten sam produkt

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vul...

CVE-2025-57569MEDIUM5.6ten sam produkt

Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/s...