Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-35391 PoC — Tenda N300 资源管理错误漏洞

Source
https://github.com/4d000/Tenda-F3-V4
Associated Vulnerability
Title:Tenda N300 资源管理错误漏洞 (CVE-2020-35391)
Description:Tenda N300是中国腾达(Tenda)公司的一款路由器。 Tenda N300 F3 12.01.01.48 存在安全漏洞,该漏洞允许远程攻击者可利用该漏洞通过直接请求cgi-bin DownloadCfg RouterCfm获取敏感信息(可能包括http密码行)。
Description
A Python tool for exploiting CVE-2020-35391 on Tenda F3 V3 and F3 V4 routers, allowing unauthorized access to config, flash, and syslog files. Automates the process of downloading hidden files from the router.
Readme
# Tenda F3 Router Exploit & File Downloader

This project is a tool for downloading various files from the Tenda F3 router (v3/v4) through an unauthenticated vulnerability (CVE-2020-35391). It allows you to get the configuration file, system log, and flash dump from a vulnerable router.

## Overview

The script exploits a vulnerability found in the Tenda F3 router, enabling an attacker to download sensitive files without authentication. Specifically, the following files can be downloaded (I'm working on adding the possibility to change the password):

- Configuration file `RouterCfm.cfg` (that contains everything in plain text)
- System log file `RouterSystem.log`
- Flash memory dump `RouterFlash.bin`

## Features

- **Download the configuration file**: Fetches the router's configuration file.
- **Download the system log file**: Fetches the router's system log file.
- **Download the flash dump**: Dumps the router's flash memory.

## Requirements

- Python 3.x
- `socket` and `optparse` libraries (usually included with Python)

## Usage

```
python3 tendaF3-tool.py --target <target_ip> [options]
```

### Options:
- `-t, --target` : Specify the target IP address (required).
- `-c, --config` : Download the configuration file (`RouterCfm.cfg`).
- `-l, --log` : Download the system log file (`RouterSystem.log`).
- `-f, --flash` : Download the flash dump (`RouterFlash.bin`).

Example usage:
```
python3 tendaF3-tool.py -t 192.168.0.1 --config
```

This will download the configuration file from the target router.

## License

This repository is licensed under the MIT License. See the [LICENSE](LICENSE) file for more information.

---

**Note**: This tool is intended for educational purposes only. Please ensure you have proper authorization before testing any network or device.
File Snapshot

 [4.0K]  /data/pocs/cf0787b361d52409c3fc4aebfae672be8865c5bd
├── [1.0K]  LICENSE
├── [1.8K]  README.md
└── [2.0K]  tendaF3-tool.py

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.