CVE-2019-3404

{"id": "CVE-2019-3404", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-03-04T14:15:10.307", "references": [{"url": "https://security.360.cn/News/news/id/218.html", "tags": ["Vendor Advisory"], "source": "security@360.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C."}, {"lang": "es", "value": "Al agregar algunos campos especiales en la funci\u00f3n de uri ofrouter app, el usuario podr\u00eda abusar de las funciones cgi de la aplicaci\u00f3n en segundo plano sin necesidad de autenticaci\u00f3n. Esto afecta a los enrutadores P0 y F5C de 360."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:360:p0_router_firmware:3.1.1.65150:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE7FAA6E-7710-4F09-95E7-0784CB91A5EE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:360:p0_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CE8AFF8F-155D-47AE-85FC-0A0703D507D8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:360:f5c_router_firmware:3.1.1.65150:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C32952B-003A-4297-8CE3-0A675F578BD6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:360:f5c_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB803DF3-3DFF-4FD5-97C0-85320AA83301"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@360.cn"}