CVE-2020-29138
MEDIUM
SAGEMCOM F@ST3486 NET DOCSIS 3.0 NET_4.109.0 - Unauthenticated Configuration File Download via /backupsettings.conf
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running.
References (1)
Core References
Various Sources x_refsource_misc
https://medium.com/%40alexandrevvo/improper-access-control-in-the-sagemcom-router-model-f-st3486-net-797968e8adc8
Scores
CVSS v3
5.3
EPSS
0.0112
EPSS Percentile
61.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (1)
sagemcom/f\@st_3486_router_firmware
4.109.0
Published
Nov 27, 2020
Tracked Since
Feb 18, 2026