PT-2019-13318 · Advan · Advan Vd-1

Keniver Wang

Published

2019-08-29

Updated

2020-08-24

CVE-2019-13406

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Advan VD-1 firmware versions up to 230

Description A broken access control issue allows an attacker to install arbitrary APKs without authentication by sending a POST request to "cgibin/ApkUpload.cgi".

Recommendations For Advan VD-1 firmware versions up to 230, consider restricting access to the "cgibin/ApkUpload.cgi" endpoint until a patch is available.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2019-13406

Affected Products

Advan Vd-1

PT-2019-13318 · Advan · Advan Vd-1

CVE-2019-13406

Weakness Enumeration

Related Identifiers

Affected Products

References · 5