CVE-2019-6441
published 2019-03-21


Priority: P180 · critical 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 53.61% (98.9th percentile)
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.

Affected (6 ranges)

Vendor    Product             Version range    Fixed in
coship    rt3050_firmware
coship    rt3052_firmware
coship    rt7620_firmware
coship    wm3300_firmware
coship    wm3300_firmware
google    chrome

Detection & IOCs (extracted from sources)

Path: /apply.cgi
  • Monitor for unauthenticated POST requests to /apply.cgi on Coship router management interfaces: an exploitation attempt carries neither a session token nor a current-password field in the request body, because the router validates neither.
  • The public exploit delivers the request from a CSRF-style HTML form and calls history.pushState to hide the attacker page's URL; look for cross-origin POST requests to /apply.cgi that carry admin credential fields and originate from a browser context (an Origin or Referer header naming a site other than the router).
  • Affected devices span multiple firmware versions across four models (RT3050, RT3052, RT7620, WM3300); scope any /apply.cgi rule to the management interfaces of these Coship devices to limit false positives, since /apply.cgi is a common endpoint name on other embedded web interfaces as well.
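The three detection points above, applied to parsed HTTP requests as an added example (this is not cvebase's code, nor the Coship firmware or the public exploit): scope to known Coship management hosts, match POSTs to /apply.cgi, then flag a credential change with no current-password field, a request with no session, and a cross-origin delivery. The management addresses, the form field names ("admin_user", "admin_pass", "old_pass", "current_password") and the sample traffic are all assumptions constructed for the example; the page does not name the real form fields.

```python
"""
Added example: flag HTTP requests matching the CVE-2019-6441 detection guidance.

Input is a list of parsed request records (method, host, path, headers,
body), e.g. from a reverse proxy or a packet-capture pipeline. All host
addresses and field names below are assumptions for this example.
"""
from urllib.parse import parse_qs, urlsplit

# Assumed management addresses of the Coship devices being monitored.
# Scoping to these hosts keeps /apply.cgi hits on unrelated devices quiet.
COSHIP_MGMT_HOSTS = {"192.168.0.1", "192.168.1.1"}

# Assumed names of the admin credential fields in a credential-change POST
# and of the field a proper implementation would use for the current password.
CREDENTIAL_FIELDS = {"admin_user", "admin_pass"}
CURRENT_PASSWORD_FIELDS = {"old_pass", "current_password"}


def _lower_headers(req):
    return {k.lower(): v for k, v in req.get("headers", {}).items()}


def _has_session(req):
    """True if the request carries anything resembling an authenticated session."""
    headers = _lower_headers(req)
    return "authorization" in headers or "cookie" in headers


def _is_cross_origin(req):
    """True if Origin/Referer is present and names a host other than the target."""
    headers = _lower_headers(req)
    for name in ("origin", "referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).hostname != req["host"]
    return False


def check_request(req):
    """Return the reasons this request looks like CVE-2019-6441 exploitation ([] if clean)."""
    if req["host"] not in COSHIP_MGMT_HOSTS:
        return []
    if req["method"].upper() != "POST" or urlsplit(req["path"]).path != "/apply.cgi":
        return []
    fields = set(parse_qs(req.get("body", ""), keep_blank_values=True))
    reasons = []
    if (fields & CREDENTIAL_FIELDS) and not (fields & CURRENT_PASSWORD_FIELDS):
        reasons.append("credential change without current-password field")
    if not _has_session(req):
        reasons.append("no session cookie or Authorization header")
    if _is_cross_origin(req):
        reasons.append("cross-origin POST (CSRF-style delivery)")
    return reasons


def scan(requests):
    """Run check_request over a batch; return (index, reasons) for each hit."""
    hits = []
    for i, req in enumerate(requests):
        reasons = check_request(req)
        if reasons:
            hits.append((i, reasons))
    return hits


# Constructed sample traffic: an exploitation attempt delivered from an
# attacker page, a legitimate authenticated password change, a hit on
# /apply.cgi of a host that is not a Coship device, and an uninteresting GET.
SAMPLE_REQUESTS = [
    {"method": "POST", "host": "192.168.0.1", "path": "/apply.cgi",
     "headers": {"Origin": "http://attacker.example",
                 "Content-Type": "application/x-www-form-urlencoded"},
     "body": "admin_user=admin&admin_pass=pwned"},
    {"method": "POST", "host": "192.168.0.1", "path": "/apply.cgi",
     "headers": {"Cookie": "session=abc123",
                 "Referer": "http://192.168.0.1/password.html"},
     "body": "admin_user=admin&admin_pass=newpw&old_pass=oldpw"},
    {"method": "POST", "host": "10.0.0.5", "path": "/apply.cgi",
     "headers": {}, "body": "admin_user=x&admin_pass=y"},
    {"method": "GET", "host": "192.168.0.1", "path": "/apply.cgi?x=1",
     "headers": {}, "body": ""},
]

if __name__ == "__main__":
    for idx, why in scan(SAMPLE_REQUESTS):
        print(f"request #{idx}: {'; '.join(why)}")
```

Only the first sample request fires, on all three reasons; the legitimate change passes because it carries a session cookie, a same-origin Referer and a current-password field. In production the host set would come from asset inventory rather than a literal, and the credential field names should be taken from a captured request against a real device.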

CVSS provenance

NVD v3.0: 9.8 CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD v2.0: 10.0 CRITICAL  AV:N/AC:L/Au:N/C:C/I:C/A:C