CVE-2019-7404
Severity CVSS v4.0:
Pending analysis
Type:
CWE-306
Missing Authentication for Critical Function
Publication date:
13/05/2019
Last modified:
21/07/2021
Description
An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:lg:gamp-7100_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:lg:gamp-7100:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:lg:gapm-7200_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:lg:gapm-7200:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:lg:gapm-8000_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:lg:gapm-8000:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page