CVE-2019-17224 Information

Description

The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /2f/ path traversal attack which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product there is a 404 error. If a file does not exist there is a 302 redirect to index.html.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-router-ch7465lg-cve-2019-17224/

https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.3

Base Severity

MEDIUM
