CVE-2019-7385

Published: 21/03/2019 Updated: 01/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device.

Vulnerable Product

raisecom iscom_ht803g-u_firmware

raisecom iscom_ht803g-w_firmware

raisecom iscom_ht803g-1ge_firmware

raisecom iscom_ht803g_gpon_firmware

Exploits

# Exploit Title: Remote code execution in Raisecom xpon
# Date: 03/03/2019
# Exploit Author: JameelNabbo
# Website: Ordinanl
# Vendor Homepage: wwwraisecomcom
# Software Link: wwwraisecomcom/products/xpon
# Version: ISCOMHT803G-U_200_140521_R4147002
# Tested on: MacOSX
# CVE-2019-7385
POC: curl -i -s -k -X 'POST' \ -H 'Or ...
Raisecom XPON ISCOMHT803G-U_200_140521_R4147002 remote code execution proof of concept exploit ...