CVE-2019-7564 — CRITICAL (9.8)

Vulnerability Description

An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Coship	Rt3052 Firmware	4.0.0.48
Coship	Rt3052	-
Coship	Rt3050 Firmware	4.0.0.40
Coship	Rt3050	-
Coship	Wm3300 Firmware	5.0.0.54
Coship	Wm3300	-
Coship	Rt7620 Firmware	10.0.0.49
Coship	Rt7620	-

Related Weaknesses (CWE)

CWE-306

References

http://packetstormsecurity.com/files/151595/Coship-Wireless-Router-4.0.0.x-5.0.0ExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/151595/Coship-Wireless-Router-4.0.0.x-5.0.0ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2019-7564?

CVE-2019-7564 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST reque...

How severe is CVE-2019-7564?

CVE-2019-7564 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-7564?

Check the references section above for vendor advisories and patch information. Affected products include: Coship Rt3052 Firmware, Coship Rt3052, Coship Rt3050 Firmware, Coship Rt3050, Coship Wm3300 Firmware.