Vulnerability Description
A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Systrome | ISG-600C Firmware | 1.1-r2.1_trunk-20180914 |
| Systrome | ISG-600C | - |
| Systrome | ISG-600H Firmware | 1.1-r2.1_trunk-20180914 |
| Systrome | ISG-600H | - |
| Systrome | ISG-800W Firmware | 1.1-r2.1_trunk-20180914 |
| Systrome | ISG-800W | - |
References
- https://s3curityb3ast.github.io/KSA-Dev-004.md
- https://www.breakthesec.com/2019/02/cve-2019-7387-authenticated-arbitrary.html
FAQ
What is CVE-2019-7387?
CVE-2019-7387 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from syste...
How severe is CVE-2019-7387?
CVE-2019-7387 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-7387?
Check the references section above for vendor advisories and patch information. Affected products include: Systrome ISG-600C Firmware, Systrome ISG-600C, Systrome ISG-600H Firmware, Systrome ISG-600H, Systrome ISG-800W Firmware.