30 matches found

Cvelist
added 2026/03/09 12:0 a.m. · 22 views

CVE-2026-30140

An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and...

0.00327 EPSS
Exploits 0 · References 1
NVD
added 2026/01/28 6:16 p.m. · 3 views

CVE-2020-36963

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router...

8.7 CVSS · 0.00364 EPSS
Exploits 0 · References 3
Vulnrichment
added 2026/01/28 5:35 p.m. · 3 views

CVE-2020-36963 Intelbras Router RF 301K 1.1.2 - Authentication Bypass

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router...

8.7 CVSS · 5.9 AI score · 0.00364 EPSS
Exploits 0 · References 3
EUVD
added 2025/12/09 6:30 p.m. · 6 views

EUVD-2025-201856

A vulnerability was determined in Tenda AC9 15.03.05.14multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The...

6.9 CVSS · 6.3 AI score · 0.00568 EPSS
Exploits 1 · References 6
CVE
added 2025/12/09 1:32 a.m. · 11 views

CVE-2025-14286

The CVE-2025-14286 entry concerns Tenda AC9 devices with version 15.03.05.14_multi. The vulnerability targets the file /cgi-bin/DownloadCfg.jpg in the Configuration File Handler, where an unknown functionality can be manipulated to disclose information. The issue can be exploited remotely, and pu...

7.5 CVSS · 5.3 AI score · 0.00568 EPSS
Exploits 1 · References 5 · Affected Software 1
NVD
added 2025/10/21 3:15 a.m. · 6 views

CVE-2025-9133

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...

8.1 CVSS · 0.05103 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/21 1:57 a.m. · 3 views

EUVD-2025-35119

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50W series firmware versions from V4.16 through V5.40, and USG20W-VPN series firmware versions from V4.16 through V5.40 could...

8.1 CVSS · 6.5 AI score · 0.05103 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2016-3290

Malware in sbrugna...

5.7 CVSS · 5.7 AI score · 0.01033 EPSS
Exploits 0 · References 5
Vulnrichment
added 2025/08/25 12:0 a.m. · 2 views

CVE-2025-29514

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...

7.2 AI score · 0.00555 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/08/25 12:0 a.m. · 3 views

PT-2025-34611 · D Link · Dsl-7740C

Name of the Vulnerable Software and Affected Versions: D-Link DSL-7740C version DSL7740C.V6.TR069.20211230 Description: An incorrect access control issue exists in the config.xgi function of the device. This allows attackers to download the configuration file by submitting a crafted web request...

9.8 CVSS · 6.6 AI score · 0.00555 EPSS
Exploits 1 · References 5
Tenable Nessus
added 2025/08/20 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-14371

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker...

7.5 CVSS · 7.2 AI score · 0.04425 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 12:31 a.m. · 3 views

CVE-2022-48164

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

7.5 CVSS · 6.9 AI score · 0.03096 EPSS
Exploits 1
RedhatCVE
added 2025/05/23 12:28 a.m. · 5 views

CVE-2022-48166

An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

7.5 CVSS · 7 AI score · 0.02823 EPSS
Exploits 1 · References 1
Cvelist
added 2024/01/12 2:24 p.m. · 20 views

CVE-2023-49256 Predictable encryption passphrase used in publicly accessible configuration file

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...

7.7 AI score · 0.00556 EPSS
Exploits 0 · References 2
CNNVD
added 2023/02/07 12:0 a.m. · 10 views

Rancher Operating System Command Injection Vulnerability

Rancher Labs Rancher is a suite of open source, enterprise-grade container management platforms from US-based Rancher Labs. Rancher suffers from an operating system command injection vulnerability that stems from the presence of an operating system command injection vulnerability that allows a us...

7.6 CVSS · 6.9 AI score · 0.00981 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/02/06 12:0 a.m. · 7 views

CVE-2022-48166

An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

7.2 AI score · 0.02823 EPSS
Exploits 1 · References 2
OSV
added 2023/01/26 10:15 p.m. · 3 views

CVE-2022-42490

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 2
CNNVD
added 2021/01/01 12:0 a.m. · 3 views

Tenda N300 Resource Management Error Vulnerability

The Tenda N300 is a router from the Chinese company Tenda. A security vulnerability exists in Tenda N300 F3 12.01.01.48, which allows remote attackers to obtain sensitive information possibly including http password lines via a direct request to cgi-bin DownloadCfg RouterCfm...

9.6 CVSS · 7 AI score · 0.35005 EPSS
Exploits 4 · References 4
NVD
added 2020/11/24 9:15 p.m. · 21 views

CVE-2020-29056

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices...

10 CVSS · 9.5 AI score · 0.01994 EPSS
Exploits 1 · References 1
CNVD
added 2018/07/20 12:0 a.m. · 4 views

Eclipse Mojarra Information Disclosure Vulnerability

Eclipse Mojarra is an implementation of the Eclipse Foundation's JavaServer Faces specification JSR-372, which is primarily used to build component-based user interfaces for Web applications. A security vulnerability exists in the 'getLocalePrefix' function of the ResourceManager.java file in...

7.5 CVSS · 7.6 AI score · 0.04425 EPSS
Exploits 0 · References 1