CVE-2020-29656

Published: Dec 9, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language makes it possible to reach "unknown functionality" in a "known to be easy" manner via an unspecified "public exploit."

Affected (1)

Products: Asus: Rt Ac88u Firmware

1 product

Rt Ac88u Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Rt Ac88u Firmware	Before 3.1.0.108

Running on/with	Platform Versions
Asus Rt Ac88u	All versions

Related CWEs

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (2)

https://vuldb.com/?id.165677

Source: cve@mitre.org

Third Party Advisory

https://vuldb.com/?id.165677

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.