⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2020-35391

CWE-425CWE-416Use After Free5 documents5 sources
Severity
6.5MEDIUM
EPSS
46.8%
top 2.33%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Tenda F3 Firmware
Timeline
PublishedJan 1
Latest updateApr 7

Description

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages1 packages

NVDtenda/f3_firmware12.01.01.48

🔴Vulnerability Details

3
GHSA
GHSA-mfx7-787g-3rp3: Tenda N300 F3 122022-05-24
CVEList
CVE-2020-35391: Tenda N300 F3 122021-01-01
VulnCheck
Tenda f3_firmware Direct Request ('Forced Browsing')2020

💥Exploits & PoCs

1
Exploit-DB
Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing2023-04-07
CVE-2020-35391 (MEDIUM CVSS 6.5) | Tenda N300 F3 12.01.01.48 devices a | cvebase.io