6 matches found
CVE-2019-7564
An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wlsecurity2G.asp URI, the attacker can change the password of the Wi-FI...
Authentication flaw
An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wlsecurity2G.asp URI, the attacker can change the password of the Wi-FI...
CVE-2019-7564
The CVE-2019-7564 entry concerns Shenzhen Coship WM3300 WiFi Router devices (notably 5.0.0.55). A password-reset function for the Wireless SSID does not require authentication, allowing an unauthenticated POST to regx/wireless/wl_security_2G.asp to change the Wi-Fi password. Red Hat and other fee...
CVE-2019-7564
An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wlsecurity2G.asp URI, the attacker can change the password of the Wi-FI...
CVE-2019-6441
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By...
CVE-2019-6441
CVE-2019-6441 affects Shenzhen Coship RT3050/RT3052/RT7620/WM3300 devices (firmware versions 4.0.0.40/4.0.0.48/10.0.0.49/5.0.0.54/5.0.0.55). The issue is an unauthenticated password reset function: the router’s password reset workflow does not validate the current password and requires no authent...