CVE-2019-6441
Published Mar 21, 2019
Last updated 4 years ago
Overview
- Description
- An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-287
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:coship:rt3050_firmware:4.0.0.40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B799C788-A237-4A63-B4BB-A76563E52EB7"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:coship:rt3050:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5952AB48-DD27-4136-A823-49F04825D244"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:coship:rt3052_firmware:4.0.0.48:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A59AF59-B520-430C-AB30-9614960859A1"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:coship:rt3052:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "44DB85CE-36A7-49CC-AC7B-CAA7DB81C8DB"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:coship:rt7620_firmware:10.0.0.49:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D12E278D-1E93-4A0B-ACD3-11B2E78F4824"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:coship:rt7620:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BDFF14FA-1FA5-469E-ACE2-C3C985A34CAC"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:coship:wm3300_firmware:5.0.0.54:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52450040-F41F-4555-BE1A-69CD9D203185"
},
{
"criteria": "cpe:2.3:o:coship:wm3300_firmware:5.0.0.55:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70246B3F-A337-4595-9966-7FDDA68EB24F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:coship:wm3300:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "534C8641-1DB1-4C43-9F01-22746458B46B"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]