Details of VAR-201906-0181

ID

VAR-201906-0181

CVE

CVE-2019-3410

TITLE

ZTE WF820+ LTE Outdoor CPE Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-41442 // CNNVD: CNNVD-201906-372

DESCRIPTION

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted users. An attacker can exploit this vulnerability to send unexpected requests to the server through the affected client. ZTE WF820+ LTE Outdoor CPE is an outdoor CPE (Customer Premise Equipment) device from China ZTE Corporation

Trust: 2.16

sources: NVD: CVE-2019-3410 // JVNDB: JVNDB-2019-005457 // CNVD: CNVD-2019-41442

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['network device']	sub_category:	router	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-41442

AFFECTED PRODUCTS

vendor:	zte	model:	wf820\+ lte outdoor cpe	scope:	lt	version:	1.0.0b06	Trust: 1.0
vendor:	zte	model:	wf820+ lte outdoor cpe	scope:	lte	version:	ukbb_wf820+_1.0.0b06	Trust: 0.8
vendor:	zte	model:	wf820+ lte outdoor cpe <ukbb wf820+ 1.0.0b06	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-41442 // JVNDB: JVNDB-2019-005457 // NVD: CVE-2019-3410

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-3410
value:	HIGH
Trust: 1.0
psirt@zte.com.cn:	CVE-2019-3410
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-3410
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-41442
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201906-372
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-3410
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-41442
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-3410
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8
psirt@zte.com.cn:	CVE-2019-3410
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.1
impactScore:	2.5
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2019-41442 // JVNDB: JVNDB-2019-005457 // CNNVD: CNNVD-201906-372 // NVD: CVE-2019-3410 // NVD: CVE-2019-3410

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2019-005457 // NVD: CVE-2019-3410

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-372

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201906-372

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005457

PATCH

title:	Two Vulnerabilities in ZTE WF820+ LTE Outdoor CPE Product	url:	http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010662	Trust: 0.8
title:	Patch for ZTE WF820+ LTE Outdoor CPE Cross-Site Request Forgery Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/191129	Trust: 0.6
title:	ZTE WF820+ LTE Outdoor CPE Fixes for cross-site request forgery vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93614	Trust: 0.6

sources: CNVD: CNVD-2019-41442 // JVNDB: JVNDB-2019-005457 // CNNVD: CNNVD-201906-372

EXTERNAL IDS

db:	NVD	id:	CVE-2019-3410	Trust: 3.1
db:	ZTE	id:	1010662	Trust: 2.2
db:	JVNDB	id:	JVNDB-2019-005457	Trust: 0.8
db:	CNVD	id:	CNVD-2019-41442	Trust: 0.6
db:	CNNVD	id:	CNNVD-201906-372	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-41442 // JVNDB: JVNDB-2019-005457 // CNNVD: CNNVD-201906-372 // NVD: CVE-2019-3410

REFERENCES

url:	http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1010662	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3410	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3410	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-41442 // JVNDB: JVNDB-2019-005457 // CNNVD: CNNVD-201906-372 // NVD: CVE-2019-3410

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2019-41442
db:	JVNDB	id:	JVNDB-2019-005457
db:	CNNVD	id:	CNNVD-201906-372
db:	NVD	id:	CVE-2019-3410

LAST UPDATE DATE

2025-01-30T22:12:09.596000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-41442	date:	2019-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-005457	date:	2019-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201906-372	date:	2019-06-14T00:00:00
db:	NVD	id:	CVE-2019-3410	date:	2024-11-21T04:42:02.777

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-41442	date:	2019-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-005457	date:	2019-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201906-372	date:	2019-06-11T00:00:00
db:	NVD	id:	CVE-2019-3410	date:	2019-06-11T19:29:00.857