Vulnerability Details CVE-2020-29138
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.5%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2020-29138
-
cpe:2.3:h:sagemcom:f@st_3486_router:3.0
-
cpe:2.3:o:sagemcom:f@st_3486_router_firmware:4.109.0