8.8
CVE-2018-19031
- EPSS 3.82%
- Veröffentlicht 04.11.2019 15:15:11
- Zuletzt bearbeitet 21.11.2024 03:57:11
- Quelle security@360.cn
- Teams Watchlist Login
- Unerledigt Login
A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
360 ≫ Safe Router P0 Firmware Version2.0.61.58897
360 ≫ Safe Router P1 Firmware Version2.0.61.58897
360 ≫ Safe Router P2 Firmware Version2.0.61.58897
360 ≫ Safe Router P3 Firmware Version2.0.61.58897
360 ≫ Safe Router P4 Firmware Version2.0.61.58897
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.82% | 0.877 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.