Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-35391
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tenda N300 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tenda N300是中国腾达(Tenda)公司的一款路由器。 Tenda N300 F3 12.01.01.48 存在安全漏洞,该漏洞允许远程攻击者可利用该漏洞通过直接请求cgi-bin DownloadCfg RouterCfm获取敏感信息(可能包括http密码行)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2020-35391
#POC DescriptionSource LinkShenlong Link
1Tenda N300 Authentication Bypass via Malformed HTTP Request Headerhttps://github.com/dumitory-dev/CVE-2020-35391-POCPOC Details
2Tenda f3 Malformed HTTP Request Header Processing Vulnerability.https://github.com/H454NSec/CVE-2020-35391POC Details
3A Python tool for exploiting CVE-2020-35391 on Tenda F3 V3 and F3 V4 routers, allowing unauthorized access to config, flash, and syslog files. Automates the process of downloading hidden files from the router.https://github.com/4d000/Tenda-F3-V4POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-35391
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2020-35391

No comments yet

Leave a comment