// For flags

CVE-2019-6441

Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.

Se ha descubierto un problema en dispositivos Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54 y WM3300 5.0.0.55. La funcionalidad de restablecimiento de contraseñas del router no cuenta con validación de backend para la contraseña actual y no requiere ningún tipo de validación. Al realizar una petición POST al archivo apply.cgi del router, el atacante puede cambiar el nombre de usuario y la contraseña del router.

Coship Wireless Router versions 4.0.0.48, 4.0.0.40, 5.0.0.54, 5.0.0.55, and 10.0.0.49 suffer from an unauthenticated admin password reset vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-15 CVE Reserved
  • 2019-01-16 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-08-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Coship
Search vendor "Coship"
 Rt3050 Firmware
Search vendor "Coship" for product "Rt3050 Firmware"
 4.0.0.40
Search vendor "Coship" for product "Rt3050 Firmware" and version "4.0.0.40"
-
Affected
in Coship
Search vendor "Coship"
 Rt3050
Search vendor "Coship" for product "Rt3050"
--
Safe
Coship
Search vendor "Coship"
 Rt3052 Firmware
Search vendor "Coship" for product "Rt3052 Firmware"
 4.0.0.48
Search vendor "Coship" for product "Rt3052 Firmware" and version "4.0.0.48"
-
Affected
in Coship
Search vendor "Coship"
 Rt3052
Search vendor "Coship" for product "Rt3052"
--
Safe
Coship
Search vendor "Coship"
 Rt7620 Firmware
Search vendor "Coship" for product "Rt7620 Firmware"
 10.0.0.49
Search vendor "Coship" for product "Rt7620 Firmware" and version "10.0.0.49"
-
Affected
in Coship
Search vendor "Coship"
 Rt7620
Search vendor "Coship" for product "Rt7620"
--
Safe
Coship
Search vendor "Coship"
 Wm3300 Firmware
Search vendor "Coship" for product "Wm3300 Firmware"
 5.0.0.54
Search vendor "Coship" for product "Wm3300 Firmware" and version "5.0.0.54"
-
Affected
in Coship
Search vendor "Coship"
 Wm3300
Search vendor "Coship" for product "Wm3300"
--
Safe
Coship
Search vendor "Coship"
 Wm3300 Firmware
Search vendor "Coship" for product "Wm3300 Firmware"
 5.0.0.55
Search vendor "Coship" for product "Wm3300 Firmware" and version "5.0.0.55"
-
Affected
in Coship
Search vendor "Coship"
 Wm3300
Search vendor "Coship" for product "Wm3300"
--
Safe