CVE-2019-3404

EUVD-2019-13043
By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
360p0_router_firmware
3.1.1.65150
360f5c_router_firmware
3.1.1.65150
𝑥
= Vulnerable software versions
References
https://security.360.cn/News/news/id/218.html
https://security.360.cn/News/news/id/218.html