CVE-2019-7564

{"id": "CVE-2019-7564", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-05-07T19:29:01.753", "references": [{"url": "http://packetstormsecurity.com/files/151595/Coship-Wireless-Router-4.0.0.x-5.0.0.x-Authentication-Bypass.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/151595/Coship-Wireless-Router-4.0.0.x-5.0.0.x-Authentication-Bypass.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos Coship WM3300 WiFi Router 5.0.0.0.55 de Shenzhen. La funcionalidad de restablecimiento de contrase\u00f1a del SSID inal\u00e1mbrico no requiere ning\u00fan tipo de autenticaci\u00f3n. Al hacer una petici\u00f3n POST a la URI regx/wireless/wl_security_2G.asp, el atacante puede cambiar la contrase\u00f1a de la red Wi-Fi."}], "lastModified": "2024-11-21T04:48:19.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:coship:rt3052_firmware:4.0.0.48:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A59AF59-B520-430C-AB30-9614960859A1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:coship:rt3052:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44DB85CE-36A7-49CC-AC7B-CAA7DB81C8DB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:coship:rt3050_firmware:4.0.0.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B799C788-A237-4A63-B4BB-A76563E52EB7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:coship:rt3050:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5952AB48-DD27-4136-A823-49F04825D244"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:coship:wm3300_firmware:5.0.0.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52450040-F41F-4555-BE1A-69CD9D203185"}, {"criteria": "cpe:2.3:o:coship:wm3300_firmware:5.0.0.55:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70246B3F-A337-4595-9966-7FDDA68EB24F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:coship:wm3300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "534C8641-1DB1-4C43-9F01-22746458B46B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:coship:rt7620_firmware:10.0.0.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D12E278D-1E93-4A0B-ACD3-11B2E78F4824"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:coship:rt7620:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BDFF14FA-1FA5-469E-ACE2-C3C985A34CAC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}