CVE-2019-3404 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
360	P0 Router Firmware	3.1.1.65150
360	P0 Router	-
360	F5C Router Firmware	3.1.1.65150
360	F5C Router	-

References

https://security.360.cn/News/news/id/218.htmlVendor Advisory
https://security.360.cn/News/news/id/218.htmlVendor Advisory

FAQ

What is CVE-2019-3404?

CVE-2019-3404 is a vulnerability with a CVSS score of 7.5 (HIGH). By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C.

How severe is CVE-2019-3404?

CVE-2019-3404 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3404?

Check the references section above for vendor advisories and patch information. Affected products include: 360 P0 Router Firmware, 360 P0 Router, 360 F5C Router Firmware, 360 F5C Router.