CVE-2019-6441
CRITICAL
Coship RT3050 Firmware - Authentication Bypass
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
Exploits (1)
exploitdb
WORKING POC
by Adithyan AK · html · webapps · hardware
https://www.exploit-db.com/exploits/46180
Scores
CVSS v3
9.8
EPSS
0.4956
EPSS Percentile
97.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (5)
coship/rt3050_firmware
4.0.0.40
coship/rt3052_firmware
4.0.0.48
coship/rt7620_firmware
10.0.0.49
coship/wm3300_firmware
5.0.0.54
coship/wm3300_firmware
5.0.0.55
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026