Unrated severityNVD Advisory· Published Jun 20, 2019· Updated Aug 4, 2024

CVE-2019-6961

Description

Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls.

Affected products

RDK/WebUI moduledescription
RDK/WebUI modulellm-create
Range: = RDKB-20181217-1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-openmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000