CRITICAL🇬🇧 English

CVE-2019-13025

CVSS 9.8v3.1pub. 2019-10-02upd. 2024-11-21

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable modem.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Compal Ch7465lg

    HW
    Compal
    wszystkie wersje
  • Compal Ch7465lg Firmware

    OS
    Compal
    ch7465lg-ncip-6.12.18.24-5p8-nosh
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2019-17499HIGH8.8ten sam produkt

The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not pr...

CVE-2019-17224MEDIUM5.3ten sam produkt

The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulner...

CVE-2019-19494HIGH8.8ten sam vendor

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote...