Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-01T00:00:00

Updated: 2024-08-04T17:02:08.149Z

Reserved: 2020-12-14T00:00:00

Link: CVE-2020-35391

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-01-01T07:15:16.100

Modified: 2023-11-07T03:21:54.343

Link: CVE-2020-35391

cve-icon Redhat

No data.