CVE-2019-7564

An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/151595/Coship-Wireless-Router-4.0.0.x-5.0.0.x-Authentication-Bypass.html	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:coship:rt3052_firmware:4.0.0.48:*:*:*:*:*:*:*

cpe:2.3:h:coship:rt3052:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:coship:rt3050_firmware:4.0.0.40:*:*:*:*:*:*:*

cpe:2.3:h:coship:rt3050:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:coship:wm3300_firmware:5.0.0.54:::::::*
	cpe:2.3:o:coship:wm3300_firmware:5.0.0.55:::::::*

cpe:2.3:h:coship:wm3300:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:coship:rt7620_firmware:10.0.0.49:*:*:*:*:*:*:*

cpe:2.3:h:coship:rt7620:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-05-07 19:29

Updated : 2023-12-10 12:59

NVD link : CVE-2019-7564

Mitre link : CVE-2019-7564

CVE.ORG link : CVE-2019-7564

JSON object : View

Products Affected

coship

rt7620_firmware
rt3050_firmware
rt3052_firmware
rt7620
wm3300
rt3050
rt3052
wm3300_firmware

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2019-7564", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-05-07T19:29:01.753", "references": [{"url": "http://packetstormsecurity.com/files/151595/Coship-Wireless-Router-4.0.0.x-5.0.0.x-Authentication-Bypass.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos Coship WM3300 WiFi Router 5.0.0.0.55 de Shenzhen. La funcionalidad de restablecimiento de contrase\u00f1a del SSID inal\u00e1mbrico no requiere ning\u00fan tipo de autenticaci\u00f3n. Al hacer una petici\u00f3n POST a la URI regx/wireless/wl_security_2G.asp, el atacante puede cambiar la contrase\u00f1a de la red Wi-Fi."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:coship:rt3052_firmware:4.0.0.48:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A59AF59-B520-430C-AB30-9614960859A1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:coship:rt3052:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44DB85CE-36A7-49CC-AC7B-CAA7DB81C8DB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:coship:rt3050_firmware:4.0.0.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B799C788-A237-4A63-B4BB-A76563E52EB7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:coship:rt3050:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5952AB48-DD27-4136-A823-49F04825D244"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:coship:wm3300_firmware:5.0.0.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52450040-F41F-4555-BE1A-69CD9D203185"}, {"criteria": "cpe:2.3:o:coship:wm3300_firmware:5.0.0.55:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70246B3F-A337-4595-9966-7FDDA68EB24F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:coship:wm3300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "534C8641-1DB1-4C43-9F01-22746458B46B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:coship:rt7620_firmware:10.0.0.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D12E278D-1E93-4A0B-ACD3-11B2E78F4824"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:coship:rt7620:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BDFF14FA-1FA5-469E-ACE2-C3C985A34CAC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}