Vulnerability Details CVE-2019-19942
Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt
- https://www.swisscom.ch/en/residential/help/device/internet-router.html
- https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt
- https://www.swisscom.ch/en/residential/help/device/internet-router.html
Products affected by CVE-2019-19942
-
cpe:2.3:a:swisscom:centro_business:1.0
-
cpe:2.3:a:swisscom:centro_business:2.0
-
cpe:2.3:a:swisscom:centro_business:7.10.18
-
cpe:2.3:h:swisscom:centro_grande:-
-
cpe:2.3:o:swisscom:centro_grande_firmware:-
-
cpe:2.3:o:swisscom:centro_grande_firmware:6.12.02
-
cpe:2.3:o:swisscom:centro_grande_firmware:6.14.00