CVE-2019-19942
HIGHSwisscom Centro Grande < 6.16.12 and Centro Business 1.0 < 7.10.18 - DNS Spoofing via DHCP Hostname
Title source: llmDescription
Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests.
References (2)
Core 2
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt
Product x_refsource_misc
https://www.swisscom.ch/en/residential/help/device/internet-router.html
Scores
CVSS v3
7.5
EPSS
0.0163
EPSS Percentile
73.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (2)
swisscom/centro_business
1.0 - 7.10.18
swisscom/centro_grande_firmware
< 6.14.06
Published
Mar 16, 2020
Tracked Since
Feb 18, 2026