Description
On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access.
References (5)
Core 5
Core References
Broken Link, Third Party Advisory x_refsource_misc
http://www.nccst.nat.gov.tw
Exploit, Third Party Advisory x_refsource_misc
https://github.com/cvereveal/CVEs/tree/master/CVE-2019-6451
Broken Link x_refsource_misc
http://www.soyal.com/epaper/e-paper-en-117.html
Broken Link x_refsource_misc
https://www.soyal.com/exhibition/cve-2019-6451/
Vendor Advisory x_refsource_misc
https://www.soyal.com.tw/cve-2019-6451/
Scores
CVSS v3
7.5
EPSS
0.0029
EPSS Percentile
52.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-306
Status
published
Products (2)
soyal/ar-727h_firmware
soyal/ar-829ev5_firmware
Published
Jun 06, 2019
Tracked Since
Feb 18, 2026