124 matches found
CVE-2024-14034
Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication...
EUVD-2026-10093
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...
CVE-2026-25071
CVE-2026-25071 affects XikeStor SKS8310-8X network switch firmware version 1.04.B07 and earlier. The vulnerability is a missing authentication on the /switch_config.src endpoint, allowing unauthenticated remote attackers to download device configuration files, potentially exposing sensitive VLAN ...
CVE-2026-27514
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...
CVE-2026-27514
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...
CVE-2026-27514
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...
CVE-2026-27514 Tenda F3 Plaintext Credential Exposure in Configuration Download
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...
CVE-2026-27514 Tenda F3 Plaintext Credential Exposure in Configuration Download
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...
Tenda F3 安全漏洞
Tenda F3 is a wireless router produced by the Chinese company Tenda. The Tenda F3 V12.01.01.55multi version has a security vulnerability. This vulnerability stems from the configuration download function, which exposes sensitive information in plain text, and the lack of cache control instruction...
CVE-2026-22905
CVE-2026-22905 describes an unauthenticated remote authentication bypass achieved by insufficient URI validation and path traversal (example: /js/../cgi-bin/post.cgi) that grants access to protected CGI endpoints and configuration downloads. The entry provides a CVSS v3.1 base score of 7.5 (Netwo...
PT-2026-7083
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences e.g., /js/../cgi-bin/post.cgi, gaining unauthorized access to protected CGI endpoints and configuration downloads...
CVE-2020-36963
CVE-2020-36963 affects Intelbras Router RF 301K firmware 1.1.2, with an authentication bypass that lets unauthenticated attackers fetch sensitive router config files. Exploitation involves sending a specific HTTP GET to /cgi-bin/DownloadCfg/RouterCfm.cfg to download RouterCfm.cfg without authenti...
CVE-2021-47802
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without...
CVE-2021-47802 Tenda D151 & D301 - Configuration Download
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without...
CVE-2021-47802
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without...
EUVD-2026-3650
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without...
PT-2026-3797
Name of the Vulnerable Software and Affected Versions Tenda D151 routers affected versions not specified Tenda D301 routers affected versions not specified Description Remote attackers can retrieve router configuration files from Tenda D151 and D301 routers without authentication. This is possibl...
CVE-2025-65212
An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the...
EUVD-2023-60182
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to...
CVE-2023-53770
CVE-2023-53770 affects MiniDVBLinux 5.4 and describes an unauthenticated configuration disclosure via a direct object reference. The vulnerability allows remote attackers to retrieve a complete system configuration archive containing sensitive credentials by issuing a GET request to the backup do...