Vulnerability Details : CVE-2019-3405
In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which will cause other wireless terminals connected to disconnect from the wireless, so as to attack the router wireless by DoS. At present, the vulnerability has been effectively handled, and users can fix the vulnerability after updating the firmware version.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2019-3405
Probability of exploitation activity in the next 30 days: 0.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 39 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2019-3405
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.9
|
1.4
|
NIST |
References for CVE-2019-3405
-
https://security.360.cn/News/news/id/246
360安全应急响应中心-致谢:感谢李立东对360安全应急响应中心的帮助与支持Vendor Advisory
Products affected by CVE-2019-3405
- cpe:2.3:o:360:360f5_firmware:*:*:*:*:*:*:*:*