← Back

CVE-2018-19031

nvd nist
Published: Nov 4, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897.

Affected (5)

360
5 products
Safe Router P0 Firmware
Safe Router P1 Firmware
Safe Router P2 Firmware
Safe Router P3 Firmware
Safe Router P4 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Safe Router P0 Firmware
Version 2.0.61.58897
Running on/withPlatform Versions
360
Safe Router P0
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Safe Router P1 Firmware
Version 2.0.61.58897
Running on/withPlatform Versions
360
Safe Router P1
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Safe Router P2 Firmware
Version 2.0.61.58897
Running on/withPlatform Versions
360
Safe Router P2
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Safe Router P3 Firmware
Version 2.0.61.58897
Running on/withPlatform Versions
360
Safe Router P3
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Safe Router P4 Firmware
Version 2.0.61.58897
Running on/withPlatform Versions
360
Safe Router P4
All versions

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

Source: security@360.cn
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.