The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NCompal Ch7465lg
HWCompalwszystkie wersjeCompal Ch7465lg Firmware
OSCompalch7465lg-ncip-6.12.18.25-2p6-nosh
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
Related vulnerabilities
CVE-2019-13025CRITICAL9.8ten sam produkt
Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper In...
CVE-2019-17499HIGH8.8ten sam produkt
The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not pr...
CVE-2019-19494HIGH8.8ten sam vendor
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote...