Details of VAR-201903-0427

ID

VAR-201903-0427

CVE

CVE-2019-6441

TITLE

plural Shenzhen Coship Vulnerabilities related to certificate and password management in device products

Trust: 0.8

sources: JVNDB: JVNDB-2019-003066

DESCRIPTION

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router. plural Shenzhen Coship Vulnerabilities related to certificate and password management exist in device products.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Coship Wireless Router is a wireless router produced by China Coship Electronics Company. A security vulnerability exists in the Coship Wireless Router. An attacker could use this vulnerability to reset the administrator password. The following versions are affected: Coship Wireless Router Version 4.0.0.48, Version 4.0.0.40, Version 5.0.0.54, Version 5.0.0.55, Version 10.0.0.49

Trust: 1.8

sources: NVD: CVE-2019-6441 // JVNDB: JVNDB-2019-003066 // VULHUB: VHN-157876 // VULMON: CVE-2019-6441

AFFECTED PRODUCTS

vendor:	coship	model:	rt3050	scope:	eq	version:	4.0.0.40	Trust: 1.8
vendor:	coship	model:	rt3052	scope:	eq	version:	4.0.0.48	Trust: 1.8
vendor:	coship	model:	rt7620	scope:	eq	version:	10.0.0.49	Trust: 1.8
vendor:	coship	model:	wm3300	scope:	eq	version:	5.0.0.54	Trust: 1.8
vendor:	coship	model:	wm3300	scope:	eq	version:	5.0.0.55	Trust: 1.8

sources: JVNDB: JVNDB-2019-003066 // NVD: CVE-2019-6441

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6441
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-6441
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201901-726
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-157876
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-6441
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-6441
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-157876
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6441
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-157876 // VULMON: CVE-2019-6441 // JVNDB: JVNDB-2019-003066 // CNNVD: CNNVD-201901-726 // NVD: CVE-2019-6441

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-157876 // JVNDB: JVNDB-2019-003066 // NVD: CVE-2019-6441

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-726

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201901-726

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003066

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2019-6441

PATCH

title:

Top Page

url:

http://en.coship.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-003066

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6441	Trust: 2.6
db:	PACKETSTORM	id:	151202	Trust: 2.6
db:	EXPLOIT-DB	id:	46180	Trust: 1.8
db:	JVNDB	id:	JVNDB-2019-003066	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-726	Trust: 0.7
db:	VULHUB	id:	VHN-157876	Trust: 0.1
db:	VULMON	id:	CVE-2019-6441	Trust: 0.1

sources: VULHUB: VHN-157876 // VULMON: CVE-2019-6441 // JVNDB: JVNDB-2019-003066 // CNNVD: CNNVD-201901-726 // NVD: CVE-2019-6441

REFERENCES

url:	https://packetstormsecurity.com/files/151202/coship-wireless-router-unauthenticated-admin-password-reset.html	Trust: 4.4
url:	https://www.exploit-db.com/exploits/46180	Trust: 1.9
url:	https://www.exploit-db.com/exploits/46180/	Trust: 1.8
url:	https://www.anquanke.com/vul/id/1451446	Trust: 1.8
url:	https://vulmon.com/exploitdetails?qidtp=edb&qid=46180	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6441	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6441	Trust: 0.8
url:	https://vulmon.com/exploitdetails?qidtp=edb&qid=46180	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-157876 // VULMON: CVE-2019-6441 // JVNDB: JVNDB-2019-003066 // CNNVD: CNNVD-201901-726 // NVD: CVE-2019-6441

SOURCES

db:	VULHUB	id:	VHN-157876
db:	VULMON	id:	CVE-2019-6441
db:	JVNDB	id:	JVNDB-2019-003066
db:	CNNVD	id:	CNNVD-201901-726
db:	NVD	id:	CVE-2019-6441

LAST UPDATE DATE

2024-11-23T22:48:25.681000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-157876	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-6441	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-003066	date:	2019-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201901-726	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2019-6441	date:	2024-11-21T04:46:27.377

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-157876	date:	2019-03-21T00:00:00
db:	VULMON	id:	CVE-2019-6441	date:	2019-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-003066	date:	2019-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201901-726	date:	2019-01-17T00:00:00
db:	NVD	id:	CVE-2019-6441	date:	2019-03-21T16:01:08.140