CVE-2019-7404 Information

Description

An issue was discovered on LG GAMP-7100 GAPM-7200 and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname such as http://192.168.0.1/var/gapm7100_$today’s_date.log for reading a filename such as gapm7100_190101.log.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/epistemophilia/CVEs/blob/master/LG-GAMP-Routers/CVE-2019-7404/poc-cve-2019-7404.py

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5