CVE-2019-17224
CVE-2019-17224 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. It is a /%2f/ path traversal in the web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) that can be exploited to test for the existence of a file pathname outside of the web root directory. EPSS estimates a 1.23% chance of exploitation in the next 30 days.
Description
The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited to test whether a file pathname outside of the web root directory exists. The response differs by case: if a file exists but is not part of the product, the server returns a 404 error; if a file does not exist, it returns a 302 redirect to index.html.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Compal | Ch7465lg Firmware | ch7465lg-ncip-6.12.18.25-2p6-nosh |
References
- https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-router-ch7465lg-cve-2019-17224/ (Exploit, Third Party Advisory)
- https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdf (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
