Vulnerability Details : CVE-2019-3404
By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C.
Products affected by CVE-2019-3404
- cpe:2.3:o:360:p0_router_firmware:3.1.1.65150:*:*:*:*:*:*:*
- cpe:2.3:o:360:f5c_router_firmware:3.1.1.65150:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-3404
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-3404
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2019-3404
-
https://security.360.cn/News/news/id/218.html
360安全应急响应中心-CVE-2019-3404漏洞致谢公告Vendor Advisory
Jump to