N/A

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

N/A

Tenda N300 资源管理错误漏洞

Tenda N300是中国腾达（Tenda）公司的一款路由器。 Tenda N300 F3 12.01.01.48 存在安全漏洞，该漏洞允许远程攻击者可利用该漏洞通过直接请求cgi-bin DownloadCfg RouterCfm获取敏感信息(可能包括http密码行)。

N/A

N/A