Vulnerability Description
An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to shell command injection via the des parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systrome | Cumilon Isg-600C Firmware | 1.1-r2.1 |
| Systrome | Cumilon Isg-600C | - |
| Systrome | Cumilon Isg-600H Firmware | 1.1-r2.1 |
| Systrome | Cumilon Isg-600H | - |
| Systrome | Cumilon Isg-800W Firmware | 1.1-r2.1 |
| Systrome | Cumilon Isg-800W | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/151648/SYSTORME-ISG-Command-Injection.htmlExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2019/Feb/32ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/107035Third Party AdvisoryVDB Entry
- https://s3curityb3ast.github.io/KSA-Dev-003.mdThird Party Advisory
- https://www.breakthesec.com/2019/02/cve-2019-7383-remote-code-execution-via.htmlThird Party Advisory
- http://packetstormsecurity.com/files/151648/SYSTORME-ISG-Command-Injection.htmlExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2019/Feb/32ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/107035Third Party AdvisoryVDB Entry
- https://s3curityb3ast.github.io/KSA-Dev-003.mdThird Party Advisory
- https://www.breakthesec.com/2019/02/cve-2019-7383-remote-code-execution-via.htmlThird Party Advisory
FAQ
What is CVE-2019-7383?
CVE-2019-7383 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP f...
How severe is CVE-2019-7383?
CVE-2019-7383 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7383?
Check the references section above for vendor advisories and patch information. Affected products include: Systrome Cumilon Isg-600C Firmware, Systrome Cumilon Isg-600C, Systrome Cumilon Isg-600H Firmware, Systrome Cumilon Isg-600H, Systrome Cumilon Isg-800W Firmware.