CVE-2020-36963
Published: 28 January 2026
Summary
CVE-2020-36963 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Intelbras Router RF (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 28.1 percentile for exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2020-36963 is an authentication bypass vulnerability in the Intelbras Router RF 301K firmware version 1.1.2. The flaw enables unauthenticated attackers to download sensitive router configuration files by sending a specific HTTP GET request to the /cgi-bin/DownloadCfg/RouterCfm.cfg endpoint, bypassing any required authentication mechanisms. It is classified under CWE-306 (Missing Authentication for Critical Function) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Remote unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction. Exploitation allows retrieval of confidential router configuration data, potentially exposing credentials, network settings, or other sensitive information stored in the RouterCfm.cfg file.
Advisories and references for this CVE include a proof-of-concept exploit published on Exploit-DB (https://www.exploit-db.com/exploits/49126), the vendor's (Intelbras) website (https://www.intelbras.com/pt-br/), and a VulnCheck advisory (https://www.vulncheck.com/advisories/intelbras-router-rf-k-authentication-bypass). These resources provide further details on the issue, though specific patch or mitigation guidance is not detailed in the available CVE information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30886
Vulnerability details
Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuration without authentication.
- CWE(s): CWE-306 (Missing Authentication for Critical Function)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 (Exploit Public-Facing Application)
- T1552.001 (Unsecured Credentials: Credentials In Files)
Why these techniques?
Authentication bypass on the router's public web endpoint directly enables T1190 (remote retrieval of the configuration); the exposed RouterCfm.cfg file facilitates T1552.001 by disclosing stored credentials and settings.
Mitigating Controls (NIST 800-53 r5)
- AC-14 (Permitted Actions Without Identification or Authentication): directly requires identification and restriction of the actions permitted without authentication, preventing exposure of critical functions such as unauthenticated configuration file downloads.
- AC-3 (Access Enforcement): mandates enforcement of approved access authorizations, blocking unauthenticated HTTP requests to sensitive router configuration endpoints.
- SI-2 (Flaw Remediation): requires identification, reporting, and correction of flaws such as this authentication bypass through firmware updates.
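As an added illustration, not code from the advisory, the vendor or any referenced source, the following Python shows the two defender-side halves of the issue described under Deeper analysis and in the mitigating controls above: an AC-3/AC-14 style guard that refuses the configuration-export path unless the session is authenticated, and a detection pass over web-server access logs that flags requests for that path. Only the endpoint /cgi-bin/DownloadCfg/RouterCfm.cfg comes from the advisory; the directory prefix used to generalise the rule, the `session_authenticated` flag, and the sample log lines are constructed assumptions and say nothing about how the firmware itself is implemented.

```python
from __future__ import annotations

import posixpath
import re
from dataclasses import dataclass
from urllib.parse import unquote

# The endpoint named in the advisory for CVE-2020-36963.
CONFIG_EXPORT_PATH = "/cgi-bin/DownloadCfg/RouterCfm.cfg"
# Assumption (not from the advisory): treat the whole export directory as a
# critical function so that sibling export paths fall under the same rule.
CRITICAL_PREFIXES = ("/cgi-bin/DownloadCfg/",)


def normalize_path(raw: str) -> str:
    """Reduce a request target to one canonical absolute path before matching.

    Drops the query string and fragment, percent-decodes, collapses duplicate
    slashes and resolves '.'/'..' segments, so a rule written against the
    canonical path is not skipped by a trivially re-encoded request.
    """
    path = raw.split("?", 1)[0].split("#", 1)[0]
    path = unquote(path)
    if not path.startswith("/"):
        path = "/" + path
    normalized = posixpath.normpath(path)
    # normpath preserves a leading '//' (POSIX allows it); fold it to one slash.
    return "/" + normalized.lstrip("/")


def is_critical_function(raw_path: str) -> bool:
    """AC-14: paths matched here must never be reachable without authentication."""
    path = normalize_path(raw_path)
    return path == CONFIG_EXPORT_PATH or path.startswith(CRITICAL_PREFIXES)


def authorize(raw_path: str, session_authenticated: bool) -> tuple[int, str]:
    """AC-3 style deny-by-default guard: the status the server should answer with.

    `session_authenticated` is a hypothetical flag standing in for whatever
    session check the device's web server performs.
    """
    if is_critical_function(raw_path) and not session_authenticated:
        return 401, "authentication required"
    return 200, "ok"


# Common Log Format line: client, ident, user, [timestamp], "METHOD path proto", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


@dataclass
class Finding:
    ip: str
    ts: str
    path: str
    status: int
    served: bool  # True on a 2xx answer, i.e. the configuration actually left the device


def scan_logs(lines) -> list[Finding]:
    """Flag every request for a critical-function path; 2xx answers are the disclosures."""
    findings: list[Finding] = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None or not is_critical_function(m["path"]):
            continue
        status = int(m["status"])
        findings.append(
            Finding(m["ip"], m["ts"], normalize_path(m["path"]), status, 200 <= status < 300)
        )
    return findings


# Constructed sample log (documentation IP ranges, made-up timestamps), not real data.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jan/2026:10:01:02 +0000] "GET /cgi-bin/DownloadCfg/RouterCfm.cfg HTTP/1.1" 200 4096
203.0.113.7 - - [28/Jan/2026:10:01:05 +0000] "GET /index.asp HTTP/1.1" 200 1024
198.51.100.9 - - [28/Jan/2026:10:02:11 +0000] "GET /cgi-bin//DownloadCfg/../DownloadCfg/RouterCfm.cfg?x=1 HTTP/1.1" 401 0
192.0.2.5 - - [28/Jan/2026:10:03:00 +0000] "POST /goform/login HTTP/1.1" 302 0
"""

if __name__ == "__main__":
    for f in scan_logs(SAMPLE_LOG.splitlines()):
        verdict = "CONFIG SERVED" if f.served else "blocked"
        print(f"{f.ts} {f.ip} {f.path} -> {f.status} ({verdict})")
```

Run against the sample, the scan reports two hits: the first request was answered 200 and should be treated as a configuration disclosure (rotate any credentials stored in the file, per the T1552.001 note above), while the re-encoded second request was refused with 401, which is what the guard should produce once authentication is enforced on the path. The normalisation step is what lets one rule cover both spellings of the same path.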