Vulnerability Details CVE-2019-10478
An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.7%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
Products affected by CVE-2019-10478
-
cpe:2.3:h:glory-global:rbw-100:-
-
cpe:2.3:o:glory-global:rbw-100_firmware:isp-k05-02_7.0.0