CVE-2019-6441
Summary
| CVE | CVE-2019-6441 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-21 16:01:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Coship | Rt3050 | - | All | All | All |
| Operating System | Coship | Rt3050 Firmware | 4.0.0.40 | All | All | All |
| Hardware | Coship | Rt3052 | - | All | All | All |
| Operating System | Coship | Rt3052 Firmware | 4.0.0.48 | All | All | All |
| Hardware | Coship | Rt7620 | - | All | All | All |
| Operating System | Coship | Rt7620 Firmware | 10.0.0.49 | All | All | All |
| Hardware | Coship | Wm3300 | - | All | All | All |
| Operating System | Coship | Wm3300 Firmware | 5.0.0.54 | All | All | All |
| Operating System | Coship | Wm3300 Firmware | 5.0.0.55 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
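| CVE-2019-6441 Coship Wireless Router security vulnerability - vulnerability intelligence, vulnerability details, security vulnerabilities, CVE - Anquanke (安全客), security news platform | MISC | www.anquanke.com | Exploit, Third Party Advisory |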
| Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset | MISC | vulmon.com | Exploit, Third Party Advisory |
| Coship Wireless Router Unauthenticated Admin Password Reset ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset - Hardware webapps Exploit | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.