Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-29138

EPSS 0.64% · P71
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-29138

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sagemcom F@ST3486 NET 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sagemcom Sagemcom F@ST3486 NET是法国Sagemcom公司的一款路由器。 SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0 存在授权问题漏洞,该漏洞源于当任何有效的会话运行时,配置备份路径中的不正确的访问控制允许远程未经身份验证的用户通过backupsettings.conf URI下载路由器配置文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2020-29138

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-29138

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-11-27 · 32 CVEs total

CVE-2020-77806.3 MEDIUMCross-site Request Forgery (CSRF)
CVE-2020-29133Coremail XT 跨站脚本漏洞
CVE-2020-29367Blosc C-Blosc 缓冲区错误漏洞
CVE-2020-29135cPanel 注入漏洞
CVE-2020-29137cPanel 跨站脚本漏洞
CVE-2020-29136cPanel 安全漏洞
CVE-2020-29145Ericsson BSCS iX R18 Billing & Rating 跨站脚本漏洞
CVE-2020-29144Ericsson BSCS iX R Billing & Rating 跨站脚本漏洞
CVE-2020-25738Cyberark Software Endpoint Privilege Manager 代码问题漏洞
CVE-2019-19869B&r Automation APROL 安全漏洞
CVE-2019-19872B&R Industrial Automation APROL 注入漏洞
CVE-2019-19873B&r Automation APROL 授权问题漏洞
CVE-2019-19874B&r Automation APROL 注入漏洞
CVE-2019-19875B&r Automation APROL 命令注入漏洞
CVE-2019-19876B&r Automation APROL SQL注入漏洞
CVE-2019-19877B&R Industrial Automation APROL 路径遍历漏洞
CVE-2019-19878B&r Automation APROL 授权问题漏洞
CVE-2020-27745SchedMD Slurm 缓冲区错误漏洞
CVE-2020-27746SchedMD Slurm 竞争条件问题漏洞
CVE-2020-25014Zyxel UTM 和 Zyxel Gateway VPN series 缓冲区错误漏洞

Showing top 20 of 32 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2020-29138

No comments yet

Leave a comment