CVE-2017-14942
published 2017-09-30CVE-2017-14942: Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for…
PriorityP180critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
60.86%
99.0th percentile
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intelbras | wrn_150_firmware | — | — |
| tenda | f3_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring HTTP GET requests to /cgi-bin/DownloadCfg/RouterCfm.cfg, especially those carrying the 'admin:language' cookie header. ↗
- →A successful exploit response will have Content-Type containing 'config/conf', HTTP status 200, and body containing both 'wl_' and '_passwd' strings — flag responses matching all three conditions. ↗
- →Use Shodan/FOFA queries to identify exposed Intelbras WRN150 devices as potential targets: Shodan html:"WRN150", FOFA title="WRN150". ↗
- →Reference exploit available at exploit-db for signature/rule development. ↗
- ·For the related Tenda N300 F3 variant (CVE-2020-35391), it is unclear whether a trailing '?' after the filename or unusual HTTP request headers are required to trigger the vulnerable response — the exact triggering condition is unconfirmed. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mfx7-787g-3rp3: Tenda N300 F3 12
ghsa_unreviewed·2022-05-24·CVSS 9.8
CVE-2020-35391 [CRITICAL] CWE-416 GHSA-mfx7-787g-3rp3: Tenda N300 F3 12
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
GHSA
GHSA-wrw5-8cw7-5jm9: Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-
ghsa_unreviewed·2022-05-13
CVE-2017-14942 [CRITICAL] CWE-552 GHSA-wrw5-8cw7-5jm9: Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.
VulnCheck
Tenda f3_firmware Direct Request ('Forced Browsing')
vulncheck·2020·CVSS 9.8
CVE-2020-35391 [CRITICAL] Tenda f3_firmware Direct Request ('Forced Browsing')
Tenda f3_firmware Direct Request ('Forced Browsing')
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
Affected: Tenda f3_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/0/C
No detection rules found.
Nuclei
Intelbras WRN 150 - Authentication Bypass
nuclei·CVSS 9.8
CVE-2017-14942 [CRITICAL] Intelbras WRN 150 - Authentication Bypass
Intelbras WRN 150 - Authentication Bypass
Intelbras WRN 150 router is vulnerable to authentication bypass through cookie manipulation. An attacker can bypass authentication and download the router configuration file by manipulating the admin:language cookie.
Template:
id: CVE-2017-14942
info:
name: Intelbras WRN 150 - Authentication Bypass
author: ritikchaddha
severity: critical
description: |
Intelbras WRN 150 router is vulnerable to authentication bypass through cookie manipulation. An attacker can bypass authentication and download the router configuration file by manipulating the admin:language cookie.
impact: |
Attackers can bypass authentication and download the router configuration file containing credentials, network settings, and sensitive information, potentially leading to c
No writeups or analysis indexed.
2017-09-30
Published