cbcvebase.
CVE-2019-6279
published 2019-03-21

CVE-2019-6279: ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the…

PriorityP262high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
7.53%
93.7th percentile
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.

Affected

1 ranges
VendorProductVersion rangeFixed in
chinamobileltdgpn2.4p21-c-cn_firmware

Detection & IOCsextracted from sources · hover to see the quote

urlcgi-bin/webproc?getpage=html/index.html&subpage=wlsecurity
  • Monitor for unauthenticated POST/GET requests to the wlsecurity subpage endpoint on ChinaMobile GPN2.4P21-C-CN routers; exploitation does not require login credentials.
  • ·Vulnerability is specific to firmware version W2001EN-00 on ChinaMobile GPN2.4P21-C-CN devices; detections should be scoped to this firmware/model.

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.