Cyber Resilience

CVE-2020-36963

HighPublic PoC

Published: 28 January 2026

Published
28 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0036 28.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2020-36963 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Intelbras Router RF (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2020-36963 is an authentication bypass vulnerability in the Intelbras Router RF 301K firmware version 1.1.2. The flaw enables unauthenticated attackers to download sensitive router configuration files by sending a specific HTTP GET request to the /cgi-bin/DownloadCfg/RouterCfm.cfg endpoint, bypassing any required authentication mechanisms. It is classified under CWE-306 (Missing Authentication for Critical Function) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Remote unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction. Exploitation allows retrieval of confidential router configuration data, potentially exposing credentials, network settings, or other sensitive information stored in the RouterCfm.cfg file.

Advisories and references for this CVE include a proof-of-concept exploit published on Exploit-DB (https://www.exploit-db.com/exploits/49126), the vendor's website at Intelbras (https://www.intelbras.com/pt-br/), and a Vulncheck advisory (https://www.vulncheck.com/advisories/intelbras-router-rf-k-authentication-bypass). These resources provide further details on the issue, though specific patch or mitigation guidance is not detailed in the available CVE information.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuration without authentication.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Auth bypass on public router web endpoint directly enables T1190 for remote config retrieval; exposed RouterCfm.cfg file facilitates T1552.001 by exposing credentials/settings.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-37157Shared CWE-306
CVE-2020-37146Shared CWE-306
CVE-2025-61956Shared CWE-306
CVE-2021-47802Shared CWE-306
CVE-2026-41930Shared CWE-306
CVE-2026-4810Shared CWE-306
CVE-2025-53847Shared CWE-306
CVE-2025-61757Shared CWE-306
CVE-2025-68715Shared CWE-306
CVE-2026-21992Shared CWE-306

Affected Assets

Intelbras
Router RF
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification and restriction of actions permitted without authentication, preventing exposure of critical functions like unauthenticated configuration file downloads.

prevent

Mandates enforcement of approved access authorizations, blocking unauthenticated HTTP requests to sensitive router configuration endpoints.

prevent

Requires identification, reporting, and correction of flaws such as this authentication bypass vulnerability through patching firmware updates.

References