CVE-2019-13025

CRITICAL

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH - OS Command Injection via Backend API Endpoint

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-13025. PoCs published by x1tan.

AI-analyzed exploit summary This repository contains two functional Python scripts demonstrating unauthenticated RCE and information disclosure vulnerabilities in the Connect Box CH7465LG router. The exploits leverage improper input validation in the XML setter/getter endpoints to execute arbitrary commands and dump sensitive data.

Description

Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable modem.

Exploits (1)

nomisec WORKING POC 38 stars
by x1tan · poc
https://github.com/x1tan/CVE-2019-13025

This repository contains two functional Python scripts demonstrating unauthenticated RCE and information disclosure vulnerabilities in the Connect Box CH7465LG router. The exploits leverage improper input validation in the XML setter/getter endpoints to execute arbitrary commands and dump sensitive data.

Classification
Working Poc 100%
Attack Type
Rce | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Connect Box CH7465LG with firmware CH7465LG-NCIP-6.12.18.24-5p8-NOSH or older
No auth needed
Prerequisites: Network access to the router's web interface
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://xitan.me/posts/connect-box-ch7465lg-rce/

Scores

CVSS v3 9.8
EPSS 0.0332
EPSS Percentile 87.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78 CWE-669
Status published
Products (1)
compal/ch7465lg_firmware ch7465lg-ncip-6.12.18.24-5p8-nosh
Published Oct 02, 2019
Tracked Since Feb 18, 2026