CVE-2020-36963

CVE Database · CVE-2020-36963

CVE-2020-36963

· HIGHDeferred

CVSS v3.1

7.5

CVSS v4.0

8.7

EPSS

0.36%

Published

Jan 28, 2026

Modified

Apr 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuration without authentication.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-306

References (4)

https://www.exploit-db.com/exploits/49126

https://www.intelbras.com/pt-br/

https://www.vulncheck.com/advisories/intelbras-router-rf-k-authentication-bypass

https://www.exploit-db.com/exploits/49126

KEV Catalog EPSS Scores Vendors All CVEs