CVE-2019-19940
HIGHSwisscom Centro Grande Firmware < 6.14.06 - Authenticated OS Command Injection via Text Interface
Title source: llmDescription
Incorrect input sanitation in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection.
References (2)
Core 2
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt
Product x_refsource_misc
https://www.swisscom.ch/en/residential/help/device/internet-router.html
Scores
CVSS v3
7.2
EPSS
0.0492
EPSS Percentile
91.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
swisscom/centro_grande_firmware
< 6.14.06
Published
Mar 16, 2020
Tracked Since
Feb 18, 2026