How to fix CVE-2020-36963?

Within 24 hours: Identify all Intelbras RF 301K devices in your network inventory and isolate affected units from untrusted networks. Within 7 days: Implement network segmentation to restrict administrative access to routers and deploy network-based monitoring for configuration file access attempts. Within 30 days: Contact Intelbras for patch availability; if unavailable, evaluate replacement with alternative router models that have active security support, or maintain strict air-gapped management access only.

CVE-2020-36963

HIGH

2026-01-28 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 29, 2026 - 19:16 vuln.today

Public exploit code

CVE Published

Jan 28, 2026 - 18:16 nvd

HIGH 7.5

Description

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuration without authentication.

Analysis

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. [CVSS 7.5 HIGH]

Technical Context

Classified as CWE-306 (Missing Authentication for Critical Function). Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuration without authentication.

Affected Products

Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download rout

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.3

CVSS: +38

POC: +20

CVE-2020-36963 vulnerability details – vuln.today

Back

CVE-2020-36963

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2020-36963

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code