CVE-2019-6441
published 2019-03-21CVE-2019-6441: An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset…
PriorityP180critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
53.61%
98.9th percentile
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coship | rt3050_firmware | — | — |
| coship | rt3052_firmware | — | — |
| coship | rt7620_firmware | — | — |
| coship | wm3300_firmware | — | — |
| coship | wm3300_firmware | — | — |
| chrome_chrome | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated POST requests to /apply.cgi on Coship router management interfaces; no session token or current-password field will be present in the request body, indicating exploitation of the missing authentication vulnerability. ↗
- →The exploit uses a CSRF-style HTML form with history.pushState to obscure the origin; look for cross-origin POST requests to /apply.cgi with admin credential fields submitted from a browser context. ↗
- ·Affected devices span multiple firmware versions across different models (RT3050, RT3052, RT7620, WM3300); detection rules targeting /apply.cgi should be scoped to these Coship device management interfaces to reduce false positives. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gvmx-6cqv-6x5q: An issue was discovered on Shenzhen Coship RT3050 4
ghsa_unreviewed·2022-05-13
CVE-2019-6441 [CRITICAL] CWE-287 GHSA-gvmx-6cqv-6x5q: An issue was discovered on Shenzhen Coship RT3050 4
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
Chrome
Stable Channel Update for Desktop: CVE-2020-6441
vendor_chrome·2020-04-07·CVSS 4.3
CVE-2020-6441 [LOW] Stable Channel Update for Desktop: CVE-2020-6441
Stable Channel Update for Desktop
CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg on 2019-05-04
[$500][ 1013906 ] Low CVE-2020-6442: Inappropriate implementation in cache
Reported by B@rMey on 2019-10-12
Severity: low
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.htmlhttps://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.htmlhttps://vulmon.com/exploitdetails?qidtp=EDB&qid=46180https://www.anquanke.com/vul/id/1451446https://www.exploit-db.com/exploits/46180https://www.exploit-db.com/exploits/46180/http://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.htmlhttps://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.htmlhttps://vulmon.com/exploitdetails?qidtp=EDB&qid=46180https://www.anquanke.com/vul/id/1451446https://www.exploit-db.com/exploits/46180https://www.exploit-db.com/exploits/46180/
2019-03-21
Published