CVE-2019-10478

Published: Apr 5, 2019Modified: Jun 17, 2026

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell.

Affected (1)

Products: Glory Global: Rbw 100 Firmware

1 product

Rbw 100 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Glory Global Rbw 100 Firmware	Version isp-k05-02_7.0.0

Running on/with	Platform Versions
Glory Global Rbw 100	All versions

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/warringaa/CVEs#glory-systems-rbw-100

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/warringaa/CVEs#glory-systems-rbw-100

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.