ID

VAR-201910-0650


CVE

CVE-2019-13025


TITLE

Input validation vulnerability in Compal CH7465LG devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-010361

DESCRIPTION

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to a backend API endpoint of the cable modem. The Compal CH7465LG device contains an input validation vulnerability. Information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. Compal CH7465LG is a wireless router manufactured by Compal Computer Industries (Compal) in Taiwan, China.

Trust: 1.71

sources: NVD: CVE-2019-13025 // JVNDB: JVNDB-2019-010361 // VULHUB: VHN-144830

AFFECTED PRODUCTS

vendor: compal, model: ch7465lg, scope: eq, version: ch7465lg-ncip-6.12.18.24-5p8-nosh

Trust: 1.0

vendor: compal broadband, model: ch7465lg, scope: eq, version: ch7465lg-ncip-6.12.18.24-5p8-nosh

Trust: 0.8

sources: JVNDB: JVNDB-2019-010361 // NVD: CVE-2019-13025

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13025
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-13025
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201910-137
value: CRITICAL

Trust: 0.6

VULHUB: VHN-144830
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-13025
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144830
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13025
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13025
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-144830 // JVNDB: JVNDB-2019-010361 // CNNVD: CNNVD-201910-137 // NVD: CVE-2019-13025

PROBLEMTYPE DATA

problemtype:CWE-669

Trust: 1.1

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-144830 // JVNDB: JVNDB-2019-010361 // NVD: CVE-2019-13025

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-137

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-137

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010361

PATCH

title: Top Page, url: http://www.icbn.com.tw/

Trust: 0.8

sources: JVNDB: JVNDB-2019-010361

EXTERNAL IDS

db: NVD, id: CVE-2019-13025

Trust: 2.5

db: JVNDB, id: JVNDB-2019-010361

Trust: 0.8

db: CNNVD, id: CNNVD-201910-137

Trust: 0.7

db: VULHUB, id: VHN-144830

Trust: 0.1

sources: VULHUB: VHN-144830 // JVNDB: JVNDB-2019-010361 // CNNVD: CNNVD-201910-137 // NVD: CVE-2019-13025

REFERENCES

url:https://xitan.me/posts/connect-box-ch7465lg-rce/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-13025

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13025

Trust: 0.8

sources: VULHUB: VHN-144830 // JVNDB: JVNDB-2019-010361 // CNNVD: CNNVD-201910-137 // NVD: CVE-2019-13025

SOURCES

db: VULHUB, id: VHN-144830
db: JVNDB, id: JVNDB-2019-010361
db: CNNVD, id: CNNVD-201910-137
db: NVD, id: CVE-2019-13025

LAST UPDATE DATE

2024-11-23T23:01:40.290000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144830, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-010361, date: 2019-10-11T00:00:00
db: CNNVD, id: CNNVD-201910-137, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-13025, date: 2024-11-21T04:24:03.430

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144830, date: 2019-10-02T00:00:00
db: JVNDB, id: JVNDB-2019-010361, date: 2019-10-11T00:00:00
db: CNNVD, id: CNNVD-201910-137, date: 2019-10-02T00:00:00
db: NVD, id: CVE-2019-13025, date: 2019-10-02T15:15:10.357