CVE-2019-7404
First published: Mon May 13 2019(Updated: )
An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lg Gamp-7100 Firmware | ||
| LG GAMP-7100 | ||
| Lg Gapm-7200 Firmware | ||
| Lg Gapm-7200 | ||
| Lg Gapm-8000 Firmware | ||
| Lg Gapm-8000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-7404.
Which routers are affected by this vulnerability?
LG GAMP-7100, GAPM-7200, and GAPM-8000 routers are affected by this vulnerability.
How can an unauthenticated user exploit this vulnerability?
An unauthenticated user can read a log file by sending an HTTP request with the full pathname of the log file.
What is the severity of CVE-2019-7404?
The severity of CVE-2019-7404 is high with a CVSS score of 7.5.
Is there a proof of concept available for this vulnerability?
Yes, a proof of concept for CVE-2019-7404 is available on GitHub.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/lg
- canonical/lg gamp-7100 firmware
- canonical/lg gamp-7100
- canonical/lg gapm-7200 firmware
- canonical/lg gapm-7200
- canonical/lg gapm-8000 firmware
- canonical/lg gapm-8000