MEDIUM🇵🇱 Wersja polska

CVE-2019-17224

CVSS 5.3v3.1pub. 2019-10-28upd. 2024-11-21

The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Compal Ch7465lg

    HW
    Compal
    wszystkie wersje
  • Compal Ch7465lg Firmware

    OS
    Compal
    ch7465lg-ncip-6.12.18.25-2p6-nosh
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2019-13025CRITICAL9.8ten sam produkt

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper In...

CVE-2019-17499HIGH8.8ten sam produkt

The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not pr...

CVE-2019-19494HIGH8.8ten sam vendor

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote...