Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-6441

Опубликовано: 21 мар. 2019
Источник: nvd
CVSS3: 9.8
CVSS2: 10
EPSS Средний

Описание

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:coship:rt3050_firmware:4.0.0.40:*:*:*:*:*:*:*
cpe:2.3:h:coship:rt3050:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:coship:rt3052_firmware:4.0.0.48:*:*:*:*:*:*:*
cpe:2.3:h:coship:rt3052:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:coship:rt7620_firmware:10.0.0.49:*:*:*:*:*:*:*
cpe:2.3:h:coship:rt7620:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

Одно из

cpe:2.3:o:coship:wm3300_firmware:5.0.0.54:*:*:*:*:*:*:*
cpe:2.3:o:coship:wm3300_firmware:5.0.0.55:*:*:*:*:*:*:*
cpe:2.3:h:coship:wm3300:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%
0.4809
Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-287

Связанные уязвимости

github логотип

GHSA-gvmx-6cqv-6x5q

CVSS3: 9.8
github
больше 3 лет назад

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.

EPSS

Процентиль: 98%
0.4809
Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-287