Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running.
References
Link | Resource |
---|---|
https://medium.com/@alexandrevvo/improper-access-control-in-the-sagemcom-router-model-f-st3486-net-797968e8adc8 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2020-11-27 08:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-29138
Mitre link : CVE-2020-29138
JSON object : View
CWE
CWE-306
Missing Authentication for Critical Function
Products Affected
sagemcom
- f\@st_3486_router
- f\@st_3486_router_firmware