CVE-2020-36963 HIGH

CVE-2020-36963: Intelbras Router RF 301K 1.1.2 - Authentication Bypass

Vendor Intelbras
Product Intelbras Router RF 301K
Weakness CWE-306 · Missing auth
Published January 28, 2026
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuration without authentication.

Key dates

02Disclosure timeline

January 28, 2026 CVE published
April 7, 2026 Record updated