What is the severity of CVE-2019-7384?

CVE-2019-7384 is classified as a high severity vulnerability due to the potential for authenticated shell command injection.

How do I fix CVE-2019-7384?

To fix CVE-2019-7384, update the firmware of affected Raisecom ISCOM HT803G products to a version above ISCOMHT803G-U_2.0.0_140521_R4.1.47.002.

What kind of vulnerability is CVE-2019-7384?

CVE-2019-7384 is an authenticated shell command injection vulnerability that can be exploited through specific system calls.

Is CVE-2019-7384 remotely exploitable?

CVE-2019-7384 requires authenticated access to the devices, making it less likely to be exploited remotely without credentials.

Vulnerability/
CVE-2019-7384

high

7.8

CWE

78 20 77

17/3/2019

21/11/2024

CVE-2019-7384: OS Command Injection

Q: Which products are affected by CVE-2019-7384?

CVE-2019-7384 affects the Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products running vulnerable firmware.

First published: Sun Mar 17 2019(Updated: )

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Raisecom Iscom Ht803g-u Firmware	<=iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom ISCOM HT803G-U
Raisecom Iscom Ht803g-w Firmware	<iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom Iscom Ht803g-w
Raisecom Iscom Ht803g-1ge Firmware	<iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom Iscom Ht803g-1ge
Raisecom Iscom Ht803g Gpon Firmware	<iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom Iscom Ht803g Gpon
All of
Raisecom Iscom Ht803g-u Firmware	<=iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom ISCOM HT803G-U
All of
Raisecom Iscom Ht803g-w Firmware	<iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom Iscom Ht803g-w
All of
Raisecom Iscom Ht803g-1ge Firmware	<iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom Iscom Ht803g-1ge
All of
Raisecom Iscom Ht803g Gpon Firmware	<iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom Iscom Ht803g Gpon

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-7384?
CVE-2019-7384 is classified as a high severity vulnerability due to the potential for authenticated shell command injection.
How do I fix CVE-2019-7384?
To fix CVE-2019-7384, update the firmware of affected Raisecom ISCOM HT803G products to a version above ISCOMHT803G-U_2.0.0_140521_R4.1.47.002.
Which products are affected by CVE-2019-7384?
CVE-2019-7384 affects the Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products running vulnerable firmware.
What kind of vulnerability is CVE-2019-7384?
CVE-2019-7384 is an authenticated shell command injection vulnerability that can be exploited through specific system calls.
Is CVE-2019-7384 remotely exploitable?
CVE-2019-7384 requires authenticated access to the devices, making it less likely to be exploited remotely without credentials.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/references
agent/first-publish-date
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/last-modified-date
agent/event
agent/tags
agent/softwarecombine
agent/source
vendor/raisecom
canonical/raisecom iscom ht803g-u firmware
version/raisecom iscom ht803g-u firmware/iscomht803g-u_2.0.0_140521_r4.1.47.002
canonical/raisecom iscom ht803g-u
canonical/raisecom iscom ht803g-w firmware
canonical/raisecom iscom ht803g-w
canonical/raisecom iscom ht803g-1ge firmware
canonical/raisecom iscom ht803g-1ge
canonical/raisecom iscom ht803g gpon firmware
canonical/raisecom iscom ht803g gpon

Frequently Asked Questions

What is the severity of CVE-2019-7384?
CVE-2019-7384 is classified as a high severity vulnerability due to the potential for authenticated shell command injection.
How do I fix CVE-2019-7384?
To fix CVE-2019-7384, update the firmware of affected Raisecom ISCOM HT803G products to a version above ISCOMHT803G-U_2.0.0_140521_R4.1.47.002.
Which products are affected by CVE-2019-7384?
CVE-2019-7384 affects the Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products running vulnerable firmware.
What kind of vulnerability is CVE-2019-7384?
CVE-2019-7384 is an authenticated shell command injection vulnerability that can be exploited through specific system calls.
Is CVE-2019-7384 remotely exploitable?
CVE-2019-7384 requires authenticated access to the devices, making it less likely to be exploited remotely without credentials.

CVE-2019-7384: OS Command Injection

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-7384?

How do I fix CVE-2019-7384?

Which products are affected by CVE-2019-7384?

What kind of vulnerability is CVE-2019-7384?

Is CVE-2019-7384 remotely exploitable?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-7384?

How do I fix CVE-2019-7384?

Which products are affected by CVE-2019-7384?

What kind of vulnerability is CVE-2019-7384?

Is CVE-2019-7384 remotely exploitable?