CWE
287
Advisory Published
Updated

CVE-2019-6441

First published: Tue Mar 19 2019(Updated: )

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Coship Rt3050 Firmware=4.0.0.40
Coship RT3050
Coship Rt3052 Firmware=4.0.0.48
Coship RT3052
Coship Rt7620 Firmware=10.0.0.49
Coship Rt7620
Coship Wm3300 Firmware=5.0.0.54
Coship Wm3300 Firmware=5.0.0.55
Coship WM3300
All of
Coship Rt3050 Firmware=4.0.0.40
Coship RT3050
All of
Coship Rt3052 Firmware=4.0.0.48
Coship RT3052
All of
Coship Rt7620 Firmware=10.0.0.49
Coship Rt7620
All of
Any of
Coship Wm3300 Firmware=5.0.0.54
Coship Wm3300 Firmware=5.0.0.55
Coship WM3300

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID for this issue?

    The vulnerability ID for this issue is CVE-2019-6441.

  • What is the severity of CVE-2019-6441?

    The severity of CVE-2019-6441 is critical with a score of 9.8.

  • Which devices are affected by CVE-2019-6441?

    Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 are affected by this vulnerability.

  • What is the impact of CVE-2019-6441?

    This vulnerability allows an attacker to reset the router's password without any authentication, potentially granting access to the admin interface and control over the router.

  • Is there a fix available for CVE-2019-6441?

    At the moment, there is no fix available for CVE-2019-6441. It is recommended to update to the latest firmware version provided by the vendor when it becomes available.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203