Lucene search

[email protected]CVE-2019-6272

HistoryMar 21, 2019 - 4:01 p.m.

CVE-2019-6272

2019-03-2116:01:07

CWE-77

[email protected]

web.nvd.nist.gov

cve-2019-6272

command injection

gl.inet

gl-ar300m-lite

firmware 2.27

nvd

security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.015

Percentile

87.2%

JSON

Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.

Affected configurations

NVD

Node

gl-inetgl-ar300m-liteMatch-

AND

gl-inetgl-ar300m-lite_firmwareMatch2.27

VendorProductVersionCPE
gl-inetgl-ar300m-lite_firmware2.27cpe:/o:gl-inet:gl-ar300m-lite_firmware:2.27:::

Vendor	Product	Version	CPE
gl-inet	gl-ar300m-lite_firmware	2.27	cpe:/o:gl-inet:gl-ar300m-lite_firmware:2.27:::

References

packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html

www.exploit-db.com/exploits/46179/

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.015

Percentile

87.2%

JSON

Related for CVE-2019-6272

nvd1 cvelist1 prion1 packetstorm1 exploitpack1 exploitdb1