CVE-2019-17224 - OpenCVE

The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Compal	Ch7465lg Ch7465lg Firmware

Configuration 1 [-]

AND

cpe:2.3:o:compal:ch7465lg_firmware:ch7465lg-ncip-6.12.18.25-2p6-nosh:*:*:*:*:*:*:*

cpe:2.3:h:compal:ch7465lg:-:*:*:*:*:*:*:*

References

Link	Resource
https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-router-ch7465lg-cve-2019-17224/	Exploit Third Party Advisory
https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdf	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-28T14:31:30

Updated: 2019-10-28T14:31:30

Reserved: 2019-10-06T00:00:00

Link: CVE-2019-17224

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-28T15:15:14.240

Modified: 2019-11-05T14:43:56.133

Link: CVE-2019-17224

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-28T14:31:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-router-ch7465lg-cve-2019-17224/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17224", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdf", "refsource": "MISC", "url": "https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdf"}, {"name": "https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-router-ch7465lg-cve-2019-17224/", "refsource": "MISC", "url": "https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-router-ch7465lg-cve-2019-17224/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17224", "datePublished": "2019-10-28T14:31:30", "dateReserved": "2019-10-06T00:00:00", "dateUpdated": "2019-10-28T14:31:30", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:compal:ch7465lg_firmware:ch7465lg-ncip-6.12.18.25-2p6-nosh:*:*:*:*:*:*:*", "matchCriteriaId": "BF5A6C49-BAE4-4EFF-82EA-39C765E44A3B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:compal:ch7465lg:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1C81061-C74C-42DF-BA8F-6B2AD9C0A3C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html."}, {"lang": "es", "value": "La interfaz web del m\u00f3dem Compal Broadband CH7465LG (versi\u00f3n CH7465LG-NCIP-6.12.18.25-2p6-NOSH) es vulnerable a un ataque de salto de ruta (path) de /%2f/, que puede ser explotado para comprobar la existencia de un nombre de ruta de archivo fuera del directorio root web. Si un archivo existe pero no es parte del producto, se presenta un error 404. Si no existe un archivo, se presenta un redireccionamiento 302 hacia el archivo index.html."}], "id": "CVE-2019-17224", "lastModified": "2019-11-05T14:43:56.133", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-28T15:15:14.240", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-router-ch7465lg-cve-2019-17224/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}