CVE-2018-19031

EPSS 3.82%
Published 04.11.2019 15:15:11
Last modified 21.11.2024 03:57:11
Source security@360.cn
Teams watchlist Login
Open Login

A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

360 ≫ Safe Router P0 Firmware Version2.0.61.58897

360 ≫ Safe Router P0 Version-

360 ≫ Safe Router P1 Firmware Version2.0.61.58897

360 ≫ Safe Router P1 Version-

360 ≫ Safe Router P2 Firmware Version2.0.61.58897

360 ≫ Safe Router P2 Version-

360 ≫ Safe Router P3 Firmware Version2.0.61.58897

360 ≫ Safe Router P3 Version-

360 ≫ Safe Router P4 Firmware Version2.0.61.58897

360 ≫ Safe Router P4 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.82%	0.877

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://security.360.cn/News/news/id/188.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-19031

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-19031

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-19031

EUVD