CRITICAL · 9.8

CVE-2019-6441

Vulnerability Description

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Coship | Rt3050 Firmware | 4.0.0.40
Coship | Rt3050 | -
Coship | Rt3052 Firmware | 4.0.0.48
Coship | Rt3052 | -
Coship | Rt7620 Firmware | 10.0.0.49
Coship | Rt7620 | -
Coship | Wm3300 Firmware | 5.0.0.54
Coship | Wm3300 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2019-6441?

CVE-2019-6441 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have...

How severe is CVE-2019-6441?

CVE-2019-6441 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-6441?

Check the references section above for vendor advisories and patch information. Affected products include: Coship Rt3050 Firmware, Coship Rt3050, Coship Rt3052 Firmware, Coship Rt3052, Coship Rt7620 Firmware.