CVE-2019-17224

Name of the Vulnerable Software and Affected Versions Compal Broadband CH7465LG modem version CH7465LG-NCIP-6.12.18.25-2p6-NOSH

Description The web interface of the modem is susceptible to a path traversal attack via the / endpoint, allowing an attacker to check for the existence of files outside the web root directory. If a file exists but is not part of the product, it results in a 404 error. If the file does not exist, it leads to a 302 redirect to index.html.

Recommendations For version CH7465LG-NCIP-6.12.18.25-2p6-NOSH, consider restricting access to the web interface to minimize the risk of exploitation. As a temporary workaround, avoid using the / endpoint with traversal characters until a patch is available.