CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-7384

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.2%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

Products affected by CVE-2019-7384

Raisecom » Iscom Ht803g-1ge » Version: N/A

cpe:2.3:h:raisecom:iscom_ht803g-1ge:-
Raisecom » Iscom Ht803g-U » Version: N/A

cpe:2.3:h:raisecom:iscom_ht803g-u:-
Raisecom » Iscom Ht803g-W » Version: N/A

cpe:2.3:h:raisecom:iscom_ht803g-w:-
Raisecom » Iscom Ht803g Gpon » Version: N/A

cpe:2.3:h:raisecom:iscom_ht803g_gpon:-
Raisecom » Iscom Ht803g-1ge Firmware » Version: Any

cpe:2.3:o:raisecom:iscom_ht803g-1ge_firmware:*
Raisecom » Iscom Ht803g-U Firmware » Version: iscomht803g-u_2.0.0_140521_r4.1.47.002

cpe:2.3:o:raisecom:iscom_ht803g-u_firmware:iscomht803g-u_2.0.0_140521_r4.1.47.002
Raisecom » Iscom Ht803g-W Firmware » Version: Any

cpe:2.3:o:raisecom:iscom_ht803g-w_firmware:*
Raisecom » Iscom Ht803g Gpon Firmware » Version: Any

cpe:2.3:o:raisecom:iscom_ht803g_gpon_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-7384

Products

Pricing

Contact Us