CVE-2019-13025

CRITICAL

Compal Ch7465lg Firmware - OS Command Injection

Title source: rule

Description

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable modem.

Exploits (1)

nomisec WORKING POC 38 stars

by x1tan · poc

https://github.com/x1tan/CVE-2019-13025

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://xitan.me/posts/connect-box-ch7465lg-rce/

Scores

CVSS v3 9.8

EPSS 0.1081

EPSS Percentile 93.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78 CWE-669

Status published

Products (1)

compal/ch7465lg_firmware ch7465lg-ncip-6.12.18.24-5p8-nosh

Published Oct 02, 2019

Tracked Since Feb 18, 2026