An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log.
References
Link | Resource |
---|---|
https://github.com/epistemophilia/CVEs/blob/master/LG-GAMP-Routers/CVE-2019-7404/poc-cve-2019-7404.py | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Information
Published : 2019-05-13 07:29
Updated : 2021-07-21 04:39
NVD link : CVE-2019-7404
Mitre link : CVE-2019-7404
JSON object : View
CWE
CWE-306
Missing Authentication for Critical Function
Products Affected
lg
- gamp-7100
- gapm-7200
- gapm-8000
- gapm-8000_firmware
- gapm-7200_firmware
- gamp-7100_firmware