Vulnerability Details : CVE-2019-6441
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2019-6441
- cpe:2.3:o:coship:rt3052_firmware:4.0.0.48:*:*:*:*:*:*:*
- cpe:2.3:o:coship:rt3050_firmware:4.0.0.40:*:*:*:*:*:*:*
- cpe:2.3:o:coship:rt7620_firmware:10.0.0.49:*:*:*:*:*:*:*
- cpe:2.3:o:coship:wm3300_firmware:5.0.0.54:*:*:*:*:*:*:*
- cpe:2.3:o:coship:wm3300_firmware:5.0.0.55:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-6441
- 22.99%: probability of exploitation activity in the next 30 days
- ~97%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-6441
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-6441
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-6441
- https://www.exploit-db.com/exploits/46180
  Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset (Exploit; Third Party Advisory; VDB Entry)
- https://vulmon.com/exploitdetails?qidtp=EDB&qid=46180
  Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / - Exploit (Exploit; Third Party Advisory)
- https://www.anquanke.com/vul/id/1451446
  CVE-2019-6441 Coship Wireless Router security vulnerability - vulnerability intelligence, vulnerability details, security vulnerabilities, CVE - Anquanke, security news platform (Exploit; Third Party Advisory)
- https://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.html
  Coship Wireless Router Unauthenticated Admin Password Reset ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)