CVE-2019-3404

By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
360STCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
360p0_router_firmware
3.1.1.65150
360f5c_router_firmware
3.1.1.65150
𝑥
= Vulnerable software versions
References
https://security.360.cn/News/news/id/218.html
https://security.360.cn/News/news/id/218.html