CVE-2019-17224

The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-router-ch7465lg-cve-2019-17224/	Exploit Third Party Advisory
https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdf	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:compal:ch7465lg_firmware:ch7465lg-ncip-6.12.18.25-2p6-nosh:*:*:*:*:*:*:*

cpe:2.3:h:compal:ch7465lg:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-10-28 15:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-17224

Mitre link : CVE-2019-17224

CVE.ORG link : CVE-2019-17224

JSON object : View

Products Affected

compal

ch7465lg_firmware
ch7465lg

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2019-17224", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-10-28T15:15:14.240", "references": [{"url": "https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-router-ch7465lg-cve-2019-17224/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html."}, {"lang": "es", "value": "La interfaz web del m\u00f3dem Compal Broadband CH7465LG (versi\u00f3n CH7465LG-NCIP-6.12.18.25-2p6-NOSH) es vulnerable a un ataque de salto de ruta (path) de /%2f/, que puede ser explotado para comprobar la existencia de un nombre de ruta de archivo fuera del directorio root web. Si un archivo existe pero no es parte del producto, se presenta un error 404. Si no existe un archivo, se presenta un redireccionamiento 302 hacia el archivo index.html."}], "lastModified": "2019-11-05T14:43:56.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:compal:ch7465lg_firmware:ch7465lg-ncip-6.12.18.25-2p6-nosh:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF5A6C49-BAE4-4EFF-82EA-39C765E44A3B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:compal:ch7465lg:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1C81061-C74C-42DF-BA8F-6B2AD9C0A3C5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}