CVE-2019-19942

HIGH

Swisscom Centro Grande < 6.16.12 and Centro Business 1.0 < 7.10.18 - DNS Spoofing via DHCP Hostname

Title source: llm
STIX 2.1

Description

Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests.

Scores

CVSS v3 7.5
EPSS 0.0163
EPSS Percentile 73.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (2)
swisscom/centro_business 1.0 - 7.10.18
swisscom/centro_grande_firmware < 6.14.06
Published Mar 16, 2020
Tracked Since Feb 18, 2026