CVE-2021-47921 Free Photo & Video Vault 0.0.2 Directory Traversal Vulnerability via Web Request

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

CVE-2020-36963 Intelbras Router RF 301K 1.1.2 - Authentication Bypass

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router...

CVE-2020-35391

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information possibly including an httppasswd line via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must b...