MidnightBSD

Advisories for coship

CVE-2018-8772 MEDIUM

Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
coship rt3052_firmware 4.0.0.48
CVE-2019-19822 MEDIUM

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
totolink n150rt_firmware *
totolink a3002ru_firmware *
ciktel mesh_router_firmware *
coship emta_ap_firmwre *
kctvjeju wireless_ap_firmware *
tbroad gn-866ac_firmware *
totolink n100re_firmware *
totolink n200re_firmware *
realtek rtk_11n_ap_firmware *
totolink a702r_firmware *
iodata wn-ac1167r_firmwre *
hiwifi max-c300n_firmware *
totolink n302r_firmware *
hcn_max-c300n_project hcn_max-c300n_firmware *
sapido gr297n_firmware *
fg-products fgn-r2_firmware *
totolink n300rt_firmware *
totolink n301rt_firmware *
CVE-2019-19823 MEDIUM

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
totolink n150rt_firmware *
totolink a3002ru_firmware *
ciktel mesh_router_firmware *
coship emta_ap_firmwre *
kctvjeju wireless_ap_firmware *
tbroad gn-866ac_firmware *
totolink n100re_firmware *
totolink n200re_firmware *
realtek rtk_11n_ap_firmware *
totolink a702r_firmware *
iodata wn-ac1167r_firmwre *
hiwifi max-c300n_firmware *
totolink n302r_firmware *
hcn_max-c300n_project hcn_max-c300n_firmware *
sapido gr297n_firmware *
fg-products fgn-r2_firmware *
totolink n300rt_firmware *
totolink n301rt_firmware *
CVE-2019-6441 HIGH

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
coship wm3300_firmware 5.0.0.54
coship rt7620_firmware 10.0.0.49
coship rt3052_firmware 4.0.0.48
coship rt3050_firmware 4.0.0.40
coship wm3300_firmware 5.0.0.55
CVE-2019-7564 HIGH

An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
coship wm3300_firmware 5.0.0.54
coship rt7620_firmware 10.0.0.49
coship rt3052_firmware 4.0.0.48
coship rt3050_firmware 4.0.0.40
coship wm3300_firmware 5.0.0.55