CVE-2019-10478

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell.

CVSS v3 7.2 HIGH
CVSS v2.0 9.0 HIGH

7.2^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/warringaa/CVEs#glory-systems-rbw-100	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:glory-global:rbw-100_firmware:isp-k05-02_7.0.0:*:*:*:*:*:*:*

cpe:2.3:h:glory-global:rbw-100:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-04-05 19:29

Updated : 2019-04-09 19:53

NVD link : CVE-2019-10478

Mitre link : CVE-2019-10478

CVE.ORG link : CVE-2019-10478

JSON object : View

Products Affected

glory-global

rbw-100
rbw-100_firmware

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2019-10478", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2019-04-05T19:29:00.217", "references": [{"url": "https://github.com/warringaa/CVEs#glory-systems-rbw-100", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell."}, {"lang": "es", "value": "Se ha descubierto un problema con el firmware ISP-K05-02 7.0.0 en dispositivos de Glory RBW-100. Una vulnerabilidad de subida de archivos sin restricciones en el controlador \"Front Circle\" en glytoolcgi/settingfile_upload.cgi permite que los atacantes suban datos proporcionados. Esta vulnerabilidad se puede utilizar para introducir c\u00f3digo controlado por el atacante en el sistema de archivos para que se ejecute, lo cual puede conducir a un shell root inverso."}], "lastModified": "2019-04-09T19:53:15.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:glory-global:rbw-100_firmware:isp-k05-02_7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5094CA26-FEBC-4328-BAD4-3548231E05B5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:glory-global:rbw-100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6395F6E8-6C64-4DE7-B7BC-67DE9E4C8BF8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}