CVE-2019-7564
CRITICALShenzhen Coship WM3300 WiFi Router 5.0.0.55 - Auth Bypass
Title source: llmDescription
An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network.
References (1)
Core 1
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/151595/Coship-Wireless-Router-4.0.0.x-5.0.0.x-Authentication-Bypass.html
Scores
CVSS v3
9.8
EPSS
0.0305
EPSS Percentile
85.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (5)
coship/rt3050_firmware
4.0.0.40
coship/rt3052_firmware
4.0.0.48
coship/rt7620_firmware
10.0.0.49
coship/wm3300_firmware
5.0.0.54
coship/wm3300_firmware
5.0.0.55
Published
May 07, 2019
Tracked Since
Feb 18, 2026