PT-2020-10896 · 360 · 360 Router

王恩泽

Published

2020-03-04

Updated

2020-08-24

CVE-2019-3404

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions 360 router versions P0 and F5C

Description The issue allows users to abuse background app CGI functions without authentication by adding special fields to the URI of the router app function.

Recommendations For 360 router version P0, consider restricting access to the background app CGI functions until a fix is available. For 360 router version F5C, consider restricting access to the background app CGI functions until a fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-3404

Affected Products

360 Router

PT-2020-10896 · 360 · 360 Router

CVE-2019-3404

Related Identifiers

Affected Products

References · 3