First published: Tue Mar 19 2019
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
Credit: cve@mitre.org
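The two missing checks described above (no authentication on the request, no backend validation of the current password) are shown here beside a handler that enforces both. This is an added example, not code from this advisory or from Coship firmware; the `AdminStore` class, the form field names and the status codes are hypothetical.

```python
import hashlib
import hmac
import os
import secrets


class AdminStore:
    """Hypothetical credential store standing in for the router backend."""

    def __init__(self, username, password):
        self.sessions = set()
        self.set_credentials(username, password)

    def set_credentials(self, username, password):
        self.username = username
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def verify(self, username, password):
        # Constant-time comparisons so the check does not leak via timing.
        user_ok = hmac.compare_digest(username.encode(), self.username.encode())
        pw_ok = hmac.compare_digest(self._hash(password), self.pw_hash)
        return user_ok and pw_ok

    def login(self, username, password):
        if not self.verify(username, password):
            return None
        token = secrets.token_hex(16)
        self.sessions.add(token)
        return token


def apply_flawed(store, form):
    # The flaw the advisory describes: no session check, no current-password check.
    store.set_credentials(form["username"], form["new_password"])
    return 200


def apply_hardened(store, form, token=None):
    if token is None or token not in store.sessions:
        return 401  # request is not tied to an authenticated session
    if not store.verify(store.username, form.get("current_password", "")):
        return 403  # current password is validated on the backend
    if not form.get("new_password"):
        return 400  # refuse an empty replacement password
    store.set_credentials(form.get("username", store.username), form["new_password"])
    store.sessions.clear()  # existing sessions must log in again
    return 200
```
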
Affected Software | Affected Version | How to fix |
---|---|---|
Coship Rt3050 Firmware | =4.0.0.40 | |
Coship RT3050 | | |
Coship Rt3052 Firmware | =4.0.0.48 | |
Coship RT3052 | | |
Coship Rt7620 Firmware | =10.0.0.49 | |
Coship Rt7620 | | |
Coship Wm3300 Firmware | =5.0.0.54 | |
Coship Wm3300 Firmware | =5.0.0.55 | |
Coship WM3300 | | |
The vulnerability ID for this issue is CVE-2019-6441.
The severity of CVE-2019-6441 is critical with a score of 9.8.
Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 are affected by this vulnerability.
This vulnerability allows an attacker to reset the router's password without any authentication, potentially granting access to the admin interface and control over the router.
At the moment, there is no fix available for CVE-2019-6441. It is recommended to update to the latest firmware version provided by the vendor when it becomes available.