Details of VAR-201905-0407

ID

VAR-201905-0407

CVE

CVE-2019-7404

TITLE

plural LG Information disclosure vulnerability in router products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004505

DESCRIPTION

An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log. LG GAMP-7100 , GAPM-7200 , GAPM-8000 The router contains an information disclosure vulnerability.Information may be obtained. LG GAMP-7100 is a router from LG. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected components. This vulnerability stems from configuration errors in network systems or products during operation

Trust: 2.25

sources: NVD: CVE-2019-7404 // JVNDB: JVNDB-2019-004505 // CNVD: CNVD-2019-33821 // VULHUB: VHN-158839

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-33821

AFFECTED PRODUCTS

vendor:	lg	model:	gamp-7100	scope:	-	version:	-	Trust: 1.4
vendor:	lg	model:	gapm-7200	scope:	-	version:	-	Trust: 1.4
vendor:	lg	model:	gapm-8000	scope:	-	version:	-	Trust: 1.4
vendor:	lg	model:	gamp-7100	scope:	eq	version:	-	Trust: 1.0
vendor:	lg	model:	gapm-8000	scope:	eq	version:	-	Trust: 1.0
vendor:	lg	model:	gapm-7200	scope:	eq	version:	-	Trust: 1.0

sources: CNVD: CNVD-2019-33821 // JVNDB: JVNDB-2019-004505 // NVD: CVE-2019-7404

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-7404
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-7404
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-33821
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-310
value:	HIGH
Trust: 0.6
VULHUB:	VHN-158839
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-7404
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-33821
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-158839
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-7404
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-33821 // VULHUB: VHN-158839 // JVNDB: JVNDB-2019-004505 // CNNVD: CNNVD-201905-310 // NVD: CVE-2019-7404

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-158839 // JVNDB: JVNDB-2019-004505 // NVD: CVE-2019-7404

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-310

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-310

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004505

PATCH

title:

Top Page

url:

https://www.lg.com/us

Trust: 0.8

sources: JVNDB: JVNDB-2019-004505

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7404	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-004505	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-310	Trust: 0.7
db:	CNVD	id:	CNVD-2019-33821	Trust: 0.6
db:	VULHUB	id:	VHN-158839	Trust: 0.1

sources: CNVD: CNVD-2019-33821 // VULHUB: VHN-158839 // JVNDB: JVNDB-2019-004505 // CNNVD: CNNVD-201905-310 // NVD: CVE-2019-7404

REFERENCES

url:	https://github.com/epistemophilia/cves/blob/master/lg-gamp-routers/cve-2019-7404/poc-cve-2019-7404.py	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7404	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7404	Trust: 0.8
url:	https://web.nvd.nist.gov//vuln/detail/cve-2019-7404	Trust: 0.6

sources: CNVD: CNVD-2019-33821 // VULHUB: VHN-158839 // JVNDB: JVNDB-2019-004505 // CNNVD: CNNVD-201905-310 // NVD: CVE-2019-7404

SOURCES

db:	CNVD	id:	CNVD-2019-33821
db:	VULHUB	id:	VHN-158839
db:	JVNDB	id:	JVNDB-2019-004505
db:	CNNVD	id:	CNNVD-201905-310
db:	NVD	id:	CVE-2019-7404

LAST UPDATE DATE

2024-11-23T22:55:33.359000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-33821	date:	2019-09-29T00:00:00
db:	VULHUB	id:	VHN-158839	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004505	date:	2019-06-04T00:00:00
db:	CNNVD	id:	CNNVD-201905-310	date:	2019-05-22T00:00:00
db:	NVD	id:	CVE-2019-7404	date:	2024-11-21T04:48:09.970

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-33821	date:	2019-09-29T00:00:00
db:	VULHUB	id:	VHN-158839	date:	2019-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-004505	date:	2019-06-04T00:00:00
db:	CNNVD	id:	CNNVD-201905-310	date:	2019-05-13T00:00:00
db:	NVD	id:	CVE-2019-7404	date:	2019-05-13T14:29:02.050