CVE-2019-6441

Name of the Vulnerable Software and Affected Versions Shenzhen Coship RT3050 version 4.0.0.40 Shenzhen Coship RT3052 version 4.0.0.48 Shenzhen Coship RT7620 version 10.0.0.49 Shenzhen Coship WM3300 versions 5.0.0.54 through 5.0.0.55

Description The password reset functionality of the router lacks backend validation for the current password and does not require authentication. An attacker can exploit this by making a POST request to the "apply.cgi" file, allowing them to change the admin username and password of the router.

Recommendations For Shenzhen Coship RT3050 version 4.0.0.40, consider disabling the password reset functionality until a patch is available. For Shenzhen Coship RT3052 version 4.0.0.48, restrict access to the apply.cgi file to minimize the risk of exploitation. For Shenzhen Coship RT7620 version 10.0.0.49, avoid using the password reset feature until the issue is resolved. For Shenzhen Coship WM3300 versions 5.0.0.54 through 5.0.0.55, consider implementing additional authentication measures for the password reset functionality as a temporary workaround.