PT-2019-9719 · 360 · 360 Safe Router

Published

2019-11-04

Updated

2020-08-24

CVE-2018-19031

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions 360 Safe Router versions V2.0.61.58897

Description A command injection issue exists when an authorized user passes a crafted parameter to a background process in the router.

Recommendations For version V2.0.61.58897, avoid using crafted parameters in the background process until a fix is available. As a temporary workaround, consider restricting access to the background process to minimize the risk of exploitation.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2018-19031

Affected Products

360 Safe Router

PT-2019-9719 · 360 · 360 Safe Router

CVE-2018-19031

Weakness Enumeration

Related Identifiers

Affected Products

References · 3