logo
Vulnerability feed
Contributors
About
Blog
CONTRIBUTE

Vulnerability

warn

CVE-2020-35391

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2020-35391

Description:
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
Last updated date:
04/10/2023

Reports

alt

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
09/18/2024
Reference url to background

https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/1/CSA-PRC-LINKED-ACTORS-BOTNET.PDF

Type:
exploit
Confidence:
HIGH
Date of publishing:
07/21/2021
Reference url to background

https://medium.com/@signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e

Type:
exploit
Confidence:
HIGH
Date of publishing:
03/09/2023
Reference url to background

https://github.com/H454NSec/CVE-2020-35391

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2025

Privacy Policy

This website uses cookies to enhance the user experience. Check out our privacy policy