CVE-2020-35391 PoC — Tenda N300 资源管理错误漏洞

Source

https://github.com/H454NSec/CVE-2020-35391

Associated Vulnerability

Title:Tenda N300 资源管理错误漏洞 (CVE-2020-35391)
Description:Tenda N300是中国腾达（Tenda）公司的一款路由器。 Tenda N300 F3 12.01.01.48 存在安全漏洞，该漏洞允许远程攻击者可利用该漏洞通过直接请求cgi-bin DownloadCfg RouterCfm获取敏感信息(可能包括http密码行)。

Description

Tenda f3 Malformed HTTP Request Header Processing Vulnerability.

Readme

# CVE-2020-35391
Tenda f3 Malformed HTTP Request Header Processing Vulnerability.

## Run
```
python3 CVE-2020-35391.py --help
python3 CVE-2020-35391.py
python3 CVE-2020-35391.py -i http://127.0.0.1:8080
python3 CVE-2020-35391.py -l ip.txt
```

## Tenda F3
![router.jpg](img/router.jpg)
## Shodan Dork
![shodan.png](img/shodan.png)
## Exploitation
![show.png](img/show.png)

File Snapshot


 [4.0K]  /data/pocs/a5405245ad25965ef0dac869f1726fa74f2be1d4
├── [3.4K]  CVE-2020-35391.py
├── [4.0K]  img
│   ├── [ 34K]  router.jpg
│   ├── [143K]  shodan.png
│   └── [165K]  show.png
└── [ 374]  README.md

1 directory, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!