What is the CVSS score of CVE-2020-36963?

CVE-2020-36963 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.3%.

Is there a public PoC exploit available for CVE-2020-36963?

Yes, a public proof-of-concept exploit is available for CVE-2020-36963. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2020-36963?

Within 24 hours: Identify all Intelbras RF 301K devices in your network inventory and isolate affected units from untrusted networks. Within 7 days: Implement network segmentation to restrict administrative access to routers and deploy network-based monitoring for configuration file access attempts. Within 30 days: Contact Intelbras for patch availability; if unavailable, evaluate replacement with alternative router models that have active security support, or maintain strict air-gapped management access only.

CVE-2020-36963

HIGH

Missing Authentication for Critical Function (CWE-306)

2026-01-28 disclosure@vulncheck.com

Authentication Bypass

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 29, 2026 - 19:16 vuln.today

Public exploit code

CVE Published

Jan 28, 2026 - 18:16 nvd

HIGH 7.5

DescriptionCVE.org

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuration without authentication.

AnalysisAI

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. [CVSS 7.5 HIGH]

Technical ContextAI

Classified as CWE-306 (Missing Authentication for Critical Function). Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuration without authentication.

Affected ProductsAI

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download rout

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2020-36963 vulnerability details – vuln.today

Back

CVE-2020-36963

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code