CVE-2026-30140

An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and...

PT-2026-24098

An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26 cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and...

CVE-2019-25227

Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/systemconfigfile management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration...

CVE-2020-35391

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information possibly including an httppasswd line via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must b...

CVE-2017-14942

Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie...

PT-2017-13767 · Intelbras · Intelbras Wrn 150

Name of the Vulnerable Software and Affected Versions: Intelbras WRN 150 devices affected versions not specified Description: The issue allows remote attackers to read the configuration file and bypass authentication by making a direct request for "cgi-bin/DownloadCfg/RouterCfm.cfg" with an...

CVE-2005-1828

D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information...