Details of VAR-201905-0417

ID

VAR-201905-0417

CVE

CVE-2019-7564

TITLE

Shenzhen Coship WM3300 WiFi Vulnerabilities related to certificate and password management in router devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-004414

DESCRIPTION

An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network. Shenzhen Coship WM3300 WiFi Router devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Coship Wireless Router is a wireless router produced by China Coship Electronics (Coship). There are security vulnerabilities in Coship Wireless Router versions 4.0.0.x and 5.0.0.x. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 1.8

sources: NVD: CVE-2019-7564 // JVNDB: JVNDB-2019-004414 // VULHUB: VHN-158999 // VULMON: CVE-2019-7564

IOT TAXONOMY

category:

['network device']

sub_category:

router

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	coship	model:	wm3300	scope:	eq	version:	5.0.0.55	Trust: 1.8
vendor:	coship	model:	rt3052	scope:	eq	version:	4.0.0.48	Trust: 1.0
vendor:	coship	model:	wm3300	scope:	eq	version:	5.0.0.54	Trust: 1.0
vendor:	coship	model:	rt3050	scope:	eq	version:	4.0.0.40	Trust: 1.0
vendor:	coship	model:	rt7620	scope:	eq	version:	10.0.0.49	Trust: 1.0
vendor:	coship	model:	rt3050	scope:	-	version:	-	Trust: 0.8
vendor:	coship	model:	rt3052	scope:	-	version:	-	Trust: 0.8
vendor:	coship	model:	rt7620	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-004414 // NVD: CVE-2019-7564

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-7564
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-7564
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201902-574
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-158999
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-7564
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-7564
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-158999
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-7564
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-158999 // VULMON: CVE-2019-7564 // JVNDB: JVNDB-2019-004414 // CNNVD: CNNVD-201902-574 // NVD: CVE-2019-7564

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.1
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-158999 // JVNDB: JVNDB-2019-004414 // NVD: CVE-2019-7564

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-574

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201902-574

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004414

PATCH

title:

Top Page

url:

http://en.coship.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-004414

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7564	Trust: 2.7
db:	PACKETSTORM	id:	151595	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-004414	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-574	Trust: 0.7
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-158999	Trust: 0.1
db:	VULMON	id:	CVE-2019-7564	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-158999 // VULMON: CVE-2019-7564 // JVNDB: JVNDB-2019-004414 // CNNVD: CNNVD-201902-574 // NVD: CVE-2019-7564

REFERENCES

url:	http://packetstormsecurity.com/files/151595/coship-wireless-router-4.0.0.x-5.0.0.x-authentication-bypass.html	Trust: 3.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7564	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7564	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/306.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-158999 // VULMON: CVE-2019-7564 // JVNDB: JVNDB-2019-004414 // CNNVD: CNNVD-201902-574 // NVD: CVE-2019-7564

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-158999
db:	VULMON	id:	CVE-2019-7564
db:	JVNDB	id:	JVNDB-2019-004414
db:	CNNVD	id:	CNNVD-201902-574
db:	NVD	id:	CVE-2019-7564

LAST UPDATE DATE

2025-01-30T22:28:44.374000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158999	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-7564	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-004414	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201902-574	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-7564	date:	2024-11-21T04:48:19.810

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158999	date:	2019-05-07T00:00:00
db:	VULMON	id:	CVE-2019-7564	date:	2019-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-004414	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201902-574	date:	2019-02-11T00:00:00
db:	NVD	id:	CVE-2019-7564	date:	2019-05-07T19:29:01.753