{"containers": {"cna": {"affected": [{"product": "360 Router F5C", "vendor": "360 Security Technology, Inc.", "versions": [{"status": "affected", "version": "360POP-F5C-V3.1.1.65150"}]}], "descriptions": [{"lang": "en", "value": "By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C."}], "problemTypes": [{"descriptions": [{"description": "Improper Authentication", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-04T13:01:17", "orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754", "shortName": "360ST"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.360.cn/News/news/id/218.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@360.cn", "ID": "CVE-2019-3404", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "360 Router F5C", "version": {"version_data": [{"version_value": "360POP-F5C-V3.1.1.65150"}]}}]}, "vendor_name": "360 Security Technology, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://security.360.cn/News/news/id/218.html", "refsource": "CONFIRM", "url": "https://security.360.cn/News/news/id/218.html"}]}}}}, "cveMetadata": {"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754", "assignerShortName": "360ST", "cveId": "CVE-2019-3404", "datePublished": "2020-03-04T13:01:17", "dateReserved": "2018-12-19T00:00:00", "dateUpdated": "2020-03-04T13:01:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:360:p0_router_firmware:3.1.1.65150:*:*:*:*:*:*:*", "matchCriteriaId": "AE7FAA6E-7710-4F09-95E7-0784CB91A5EE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:360:p0_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE8AFF8F-155D-47AE-85FC-0A0703D507D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:360:f5c_router_firmware:3.1.1.65150:*:*:*:*:*:*:*", "matchCriteriaId": "6C32952B-003A-4297-8CE3-0A675F578BD6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:360:f5c_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB803DF3-3DFF-4FD5-97C0-85320AA83301", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C."}, {"lang": "es", "value": "Al agregar algunos campos especiales en la funci\u00f3n de uri ofrouter app, el usuario podr\u00eda abusar de las funciones cgi de la aplicaci\u00f3n en segundo plano sin necesidad de autenticaci\u00f3n. Esto afecta a los enrutadores P0 y F5C de 360."}], "id": "CVE-2019-3404", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-04T14:15:10.307", "references": [{"source": "security@360.cn", "tags": ["Vendor Advisory"], "url": "https://security.360.cn/News/news/id/218.html"}], "sourceIdentifier": "security@360.cn", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}