What is the severity of CVE-2019-7385?

CVE-2019-7385 has a high severity due to its potential for authenticated shell command injection.

What causes CVE-2019-7385?

CVE-2019-7385 is caused by improper handling of the newpass and confpass parameters in the web management interface.

Are there any workarounds for CVE-2019-7385?

There are no specific workarounds for CVE-2019-7385; updating the firmware is the recommended approach.

Vulnerability/
CVE-2019-7385

high

7.8

CWE

78 20 77

17/3/2019

21/11/2024

CVE-2019-7385: OS Command Injection

Q: How do I fix CVE-2019-7385?

To fix CVE-2019-7385, update the firmware of Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products to a version above ISCOMHT803G-U_2.0.0_140521_R4.1.47.002.

Q: Which products are affected by CVE-2019-7385?

CVE-2019-7385 affects the Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products running specific firmware versions.

First published: Sun Mar 17 2019(Updated: )

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below, The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Raisecom Iscom Ht803g-u Firmware	<=iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom ISCOM HT803G-U
Raisecom Iscom Ht803g-w Firmware	<iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom Iscom Ht803g-w
Raisecom Iscom Ht803g-1ge Firmware	<iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom Iscom Ht803g-1ge
Raisecom Iscom Ht803g Gpon Firmware	<iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom Iscom Ht803g Gpon
All of
Raisecom Iscom Ht803g-u Firmware	<=iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom ISCOM HT803G-U
All of
Raisecom Iscom Ht803g-w Firmware	<iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom Iscom Ht803g-w
All of
Raisecom Iscom Ht803g-1ge Firmware	<iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom Iscom Ht803g-1ge
All of
Raisecom Iscom Ht803g Gpon Firmware	<iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom Iscom Ht803g Gpon

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-7385?
CVE-2019-7385 has a high severity due to its potential for authenticated shell command injection.
How do I fix CVE-2019-7385?
To fix CVE-2019-7385, update the firmware of Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products to a version above ISCOMHT803G-U_2.0.0_140521_R4.1.47.002.
Which products are affected by CVE-2019-7385?
CVE-2019-7385 affects the Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products running specific firmware versions.
What causes CVE-2019-7385?
CVE-2019-7385 is caused by improper handling of the newpass and confpass parameters in the web management interface.
Are there any workarounds for CVE-2019-7385?
There are no specific workarounds for CVE-2019-7385; updating the firmware is the recommended approach.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/references
agent/first-publish-date
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/last-modified-date
agent/event
agent/tags
agent/softwarecombine
agent/source
vendor/raisecom
canonical/raisecom iscom ht803g-u firmware
version/raisecom iscom ht803g-u firmware/iscomht803g-u_2.0.0_140521_r4.1.47.002
canonical/raisecom iscom ht803g-u
canonical/raisecom iscom ht803g-w firmware
canonical/raisecom iscom ht803g-w
canonical/raisecom iscom ht803g-1ge firmware
canonical/raisecom iscom ht803g-1ge
canonical/raisecom iscom ht803g gpon firmware
canonical/raisecom iscom ht803g gpon

Frequently Asked Questions

What is the severity of CVE-2019-7385?
CVE-2019-7385 has a high severity due to its potential for authenticated shell command injection.
How do I fix CVE-2019-7385?
To fix CVE-2019-7385, update the firmware of Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products to a version above ISCOMHT803G-U_2.0.0_140521_R4.1.47.002.
Which products are affected by CVE-2019-7385?
CVE-2019-7385 affects the Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products running specific firmware versions.
What causes CVE-2019-7385?
CVE-2019-7385 is caused by improper handling of the newpass and confpass parameters in the web management interface.
Are there any workarounds for CVE-2019-7385?
There are no specific workarounds for CVE-2019-7385; updating the firmware is the recommended approach.

CVE-2019-7385: OS Command Injection

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-7385?

How do I fix CVE-2019-7385?

Which products are affected by CVE-2019-7385?

What causes CVE-2019-7385?

Are there any workarounds for CVE-2019-7385?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-7385?

How do I fix CVE-2019-7385?

Which products are affected by CVE-2019-7385?

What causes CVE-2019-7385?

Are there any workarounds for CVE-2019-7385?