CVE-2019-19967

The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI...

CVE-2019-17499

The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the TargetIP parameter...

Compal Broadband CH7465LG modem path traversal vulnerability

The Compal Broadband CH7465LG modem is a modem from Compal Computer Industries Compal of Taiwan, China. A path traversal vulnerability exists in the web interface of the Compal Broadband CH7465LG modem CH7465LG-NCIP-6.12.18.25-2p6-NOSH version, which arises from a failure of a networked system or...

CVE-2019-17224

The web interface of the Compal Broadband CH7465LG modem version CH7465LG-NCIP-6.12.18.25-2p6-NOSH is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of th...

CVE-2019-17224

The web interface of the Compal Broadband CH7465LG modem version CH7465LG-NCIP-6.12.18.25-2p6-NOSH is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of th...

Path traversal

The web interface of the Compal Broadband CH7465LG modem version CH7465LG-NCIP-6.12.18.25-2p6-NOSH is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of th...

CVE-2019-17224

The CVE-2019-17224 entry concerns the web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH). A /%2f/ path traversal vulnerability could be exploited to probe for files outside the web root. Behavior observed in the description: if a file exists but is no...

CVE-2019-17224

The web interface of the Compal Broadband CH7465LG modem version CH7465LG-NCIP-6.12.18.25-2p6-NOSH is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of th...

Unspecified Vulnerability in Compal CH7465LG

The Compal CH7465LG is a wireless router from Compal Computer Industries Compal of Taiwan, China. A security vulnerability exists in the setter.xml component of the Common Gateway Interface in the Compal CH7465LG version 6.12.18.25-2p4, which is caused by the program not properly validating the...

CVE-2019-17499

The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the TargetIP parameter...

CVE-2019-17499

The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the TargetIP parameter...

Design/Logic Flaw

The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the TargetIP parameter...

CVE-2019-17499

The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the TargetIP parameter...

CVE-2019-17499

The CVE-2019-17499 issue affects the Compal CH7465LG series (example version 6.12.18.25-2p4). The setter.xml component of the Common Gateway Interface does not properly validate ping command arguments, allowing remote authenticated users to run OS commands as root via shell metacharacters in the ...

CVE-2019-13025

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST HTTP request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable mod...

CVE-2019-13025

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST HTTP request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable mod...

Input validation

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST HTTP request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable mod...

CVE-2019-13025

CVE-2019-13025 affects Compal CH7465LG/CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices. The issue is improper input validation leading to insufficient access control, allowing an attacker to send a malicious POST (HTTP) request containing shell commands to a backend API endpoint, resulting in remote co...

CVE-2019-13025

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST HTTP request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable mod...

Exploit for OS Command Injection in Compal Ch7465Lg_Firmware

Connect Box CH7465LG CVE-2019-13025 Information This rep...