CVE-2019-6441
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
-Decision
Descriptions
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
Se ha descubierto un problema en dispositivos Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54 y WM3300 5.0.0.55. La funcionalidad de restablecimiento de contraseñas del router no cuenta con validación de backend para la contraseña actual y no requiere ningún tipo de validación. Al realizar una petición POST al archivo apply.cgi del router, el atacante puede cambiar el nombre de usuario y la contraseña del router.
Coship Wireless Router versions 4.0.0.48, 4.0.0.40, 5.0.0.54, 5.0.0.55, and 10.0.0.49 suffer from an unauthenticated admin password reset vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-15 CVE Reserved
- 2019-01-16 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Coship Search vendor "Coship" | Rt3050 Firmware Search vendor "Coship" for product "Rt3050 Firmware" | 4.0.0.40 Search vendor "Coship" for product "Rt3050 Firmware" and version "4.0.0.40" | - |
Affected
| in | Coship Search vendor "Coship" | Rt3050 Search vendor "Coship" for product "Rt3050" | - | - |
Safe
|
| Coship Search vendor "Coship" | Rt3052 Firmware Search vendor "Coship" for product "Rt3052 Firmware" | 4.0.0.48 Search vendor "Coship" for product "Rt3052 Firmware" and version "4.0.0.48" | - |
Affected
| in | Coship Search vendor "Coship" | Rt3052 Search vendor "Coship" for product "Rt3052" | - | - |
Safe
|
| Coship Search vendor "Coship" | Rt7620 Firmware Search vendor "Coship" for product "Rt7620 Firmware" | 10.0.0.49 Search vendor "Coship" for product "Rt7620 Firmware" and version "10.0.0.49" | - |
Affected
| in | Coship Search vendor "Coship" | Rt7620 Search vendor "Coship" for product "Rt7620" | - | - |
Safe
|
| Coship Search vendor "Coship" | Wm3300 Firmware Search vendor "Coship" for product "Wm3300 Firmware" | 5.0.0.54 Search vendor "Coship" for product "Wm3300 Firmware" and version "5.0.0.54" | - |
Affected
| in | Coship Search vendor "Coship" | Wm3300 Search vendor "Coship" for product "Wm3300" | - | - |
Safe
|
| Coship Search vendor "Coship" | Wm3300 Firmware Search vendor "Coship" for product "Wm3300 Firmware" | 5.0.0.55 Search vendor "Coship" for product "Wm3300 Firmware" and version "5.0.0.55" | - |
Affected
| in | Coship Search vendor "Coship" | Wm3300 Search vendor "Coship" for product "Wm3300" | - | - |
Safe
|