CVE-2020-35391

CRITICAL · EXPLOITED IN THE WILD

Tenda N300 F3 12.01.01.48 - Info Disclosure

Description

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.

Exploits (4)

exploitdb WORKING POC
by @h454nsec · python · remote · hardware
https://www.exploit-db.com/exploits/51317
nomisec WORKING POC 3 stars
by 4d000 · infoleak
https://github.com/4d000/Tenda-F3-V4
nomisec WORKING POC 2 stars
by H454NSec · infoleak
https://github.com/H454NSec/CVE-2020-35391
nomisec WORKING POC 2 stars
by dumitory-dev · infoleak
https://github.com/dumitory-dev/CVE-2020-35391-POC

Scores

CVSS v3 9.6
EPSS 0.4684
EPSS Percentile 97.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

VulnCheck KEV 2024-09-18
InTheWild.io 2024-09-18
CWE CWE-425
Status published
Products (1)
tenda/f3_firmware 12.01.01.48
Published Jan 01, 2021
Tracked Since Feb 18, 2026