Unrated severityNVD Advisory· Published Mar 19, 2019· Updated Aug 4, 2024

CVE-2019-6441

Description

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Coship/RT7620llm-create
Range: =10.0.0.49
Coship/RT3052llm-fuzzy
Range: =4.0.0.40

Patches

Vulnerability mechanics

References

www.exploit-db.com/exploits/46180mitreexploitx_refsource_EXPLOIT-DB
www.exploit-db.com/exploits/46180/mitreexploitx_refsource_EXPLOIT-DB
packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.htmlmitrex_refsource_MISC
packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.htmlmitrex_refsource_MISC
vulmon.com/exploitdetailsmitrex_refsource_MISC
www.anquanke.com/vul/id/1451446mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.043
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000