Tenda N300 F3 デバイスにおけるリクエストの直接送信に関する脆弱性
| Title |
Tenda N300 F3 デバイスにおけるリクエストの直接送信に関する脆弱性
|
| Summary |
Tenda N300 F3 デバイスには、リクエストの直接送信に関する脆弱性が存在します。
|
| Possible impacts |
情報を取得される可能性があります。 |
| Solution |
ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date |
Dec. 31, 2020, midnight |
| Registration Date |
Sept. 10, 2021, 2:37 p.m. |
| Last Update |
Sept. 10, 2021, 2:37 p.m. |
|
CVSS3.0 : 警告
|
| Score |
6.5
|
| Vector |
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
CVSS2.0 : 注意
|
| Score |
3.3
|
| Vector |
AV:A/AC:L/Au:N/C:P/I:N/A:N |
Affected System
| Shenzhen Tenda Technology Co.,Ltd. |
|
F3 ファームウェア 12.01.01.48
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
その他
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2021年09月10日]
掲載 |
Sept. 10, 2021, 2:37 p.m. |
NVD Vulnerability Information
CVE-2020-35391
| Summary |
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
|
| Publication Date |
Jan. 1, 2021, 4:15 p.m. |
| Registration Date |
Jan. 26, 2021, 11:57 a.m. |
| Last Update |
Nov. 21, 2024, 2:27 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:o:tenda:f3_firmware:12.01.01.48:*:*:*:*:*:*:* |
|
|
|
|
| execution environment |
| 1 |
cpe:2.3:h:tenda:f3:-:*:*:*:*:*:*:* |
Related information, measures and tools
Common Vulnerabilities List