CVE-2020-35391

Description

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.

nvd
CVE ID: CVE-2020-35391
Base Score: 6.5
Base Severity: MEDIUM
Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 2.8
mitre
CVE ID: CVE-2020-35391
Base Score: 9.6
Base Severity: CRITICAL
Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Impact Score: 6.0
Exploitability Score: 2.8

Proof Of Concept

dumitory-dev

Tenda N300 Authentication Bypass via Malformed HTTP Request Header

Reference: GitHub

H454NSec

Tenda f3 Malformed HTTP Request Header Processing Vulnerability.

Reference: GitHub

Reference: NVD, MITRE