CVE-2019-6961
First published: Thu Jun 20 2019(Updated: )
Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rdkcentral Rdkb Ccsppandm | =rdkb-20181217-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-6961.
What is the severity level of CVE-2019-6961?
The severity level of CVE-2019-6961 is medium with a CVSS score of 6.5.
What is the affected software version for CVE-2019-6961?
The affected software version for CVE-2019-6961 is RDKB-20181217-1.
How does CVE-2019-6961 allow unauthorized access?
CVE-2019-6961 allows unauthorized access by allowing a logged-in user to control privileged configurations intended for the network operator.
How can I fix CVE-2019-6961?
To fix CVE-2019-6961, it is recommended to update the affected software version to a version that includes the necessary security patches.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/rdkcentral
- canonical/rdkcentral rdkb ccsppandm
- version/rdkcentral rdkb ccsppandm/rdkb-20181217-1