CVE-2019-6441

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
coshiprt3050_firmware
4.0.0.40
coshiprt3052_firmware
4.0.0.48
coshiprt7620_firmware
10.0.0.49
coshipwm3300_firmware
5.0.0.54
coshipwm3300_firmware
5.0.0.55
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.html
https://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.html
https://vulmon.com/exploitdetails?qidtp=EDB&qid=46180
https://www.anquanke.com/vul/id/1451446
https://www.exploit-db.com/exploits/46180
https://www.exploit-db.com/exploits/46180/
http://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.html
https://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.html
https://vulmon.com/exploitdetails?qidtp=EDB&qid=46180
https://www.anquanke.com/vul/id/1451446
https://www.exploit-db.com/exploits/46180
https://www.exploit-db.com/exploits/46180/