CVE-2019-7404

Severity CVSS v4.0:
Pending analysis
Type:
CWE-306 Missing Authentication for Critical Function
Publication date:
13/05/2019
Last modified:
21/07/2021

Description

An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:lg:gamp-7100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:gamp-7100:-:*:*:*:*:*:*:*
cpe:2.3:o:lg:gapm-7200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:gapm-7200:-:*:*:*:*:*:*:*
cpe:2.3:o:lg:gapm-8000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:lg:gapm-8000:-:*:*:*:*:*:*:*