CVE-2019-19942

Published: Mar 16, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests.

Affected (3)

Products: Swisscom: Centro Grande Firmware, Centro Business

2 products

Centro Grande Firmware

Centro Business

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Swisscom Centro Grande Firmware	Before 6.14.06

Running on/with	Platform Versions
Swisscom Centro Grande	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Swisscom Centro Business	From 1.0 to 7.10.18

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Swisscom Centro Business	From 2.0 to 8.02.04

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt

Source: cve@mitre.org

ExploitVendor Advisory

https://www.swisscom.ch/en/residential/help/device/internet-router.html

Source: cve@mitre.org

Product

https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://www.swisscom.ch/en/residential/help/device/internet-router.html

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.