ID CVE-2019-6441
Summary An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
References
Vulnerable Configurations
  • cpe:2.3:o:coship:rt3050_firmware:4.0.0.40:*:*:*:*:*:*:*
  • cpe:2.3:h:coship:rt3050:-:*:*:*:*:*:*:*
  • cpe:2.3:o:coship:rt3052_firmware:4.0.0.48:*:*:*:*:*:*:*
  • cpe:2.3:h:coship:rt3052:-:*:*:*:*:*:*:*
  • cpe:2.3:o:coship:rt7620_firmware:10.0.0.49:*:*:*:*:*:*:*
  • cpe:2.3:h:coship:rt7620:-:*:*:*:*:*:*:*
  • cpe:2.3:o:coship:wm3300_firmware:5.0.0.54:*:*:*:*:*:*:*
  • cpe:2.3:o:coship:wm3300_firmware:5.0.0.55:*:*:*:*:*:*:*
  • cpe:2.3:h:coship:wm3300:-:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 02-04-2019 - 17:49)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
exploit-db 46180
misc
vulnerable_product via4
  • cpe:2.3:o:coship:rt3050_firmware:4.0.0.40:*:*:*:*:*:*:*
  • cpe:2.3:o:coship:rt3052_firmware:4.0.0.48:*:*:*:*:*:*:*
  • cpe:2.3:o:coship:rt7620_firmware:10.0.0.49:*:*:*:*:*:*:*
  • cpe:2.3:o:coship:wm3300_firmware:5.0.0.54:*:*:*:*:*:*:*
  • cpe:2.3:o:coship:wm3300_firmware:5.0.0.55:*:*:*:*:*:*:*
Last major update 02-04-2019 - 17:49
Published 21-03-2019 - 16:01