360 · 360 Router · CVE-2019-3404
**Name of the Vulnerable Software and Affected Versions**
360 router versions P0 and F5C
**Description**
The issue allows users to abuse background app CGI functions without authentication by adding special fields to the URI of the router app function.
**Recommendations**
For 360 router version P0, consider restricting access to the background app CGI functions until a fix is available.
For 360 router version F5C, consider restricting access to the background app CGI functions until a fix is available.