CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-7387

A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.4%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

Products affected by CVE-2019-7387

Systrome » Isg-600c » Version: N/A

cpe:2.3:h:systrome:isg-600c:-
Systrome » Isg-600h » Version: N/A

cpe:2.3:h:systrome:isg-600h:-
Systrome » Isg-800w » Version: N/A

cpe:2.3:h:systrome:isg-800w:-
Systrome » Isg-600c Firmware » Version: 1.1-r2.1_trunk-20180914

cpe:2.3:o:systrome:isg-600c_firmware:1.1-r2.1_trunk-20180914
Systrome » Isg-600h Firmware » Version: 1.1-r2.1_trunk-20180914

cpe:2.3:o:systrome:isg-600h_firmware:1.1-r2.1_trunk-20180914
Systrome » Isg-800w Firmware » Version: 1.1-r2.1_trunk-20180914

cpe:2.3:o:systrome:isg-800w_firmware:1.1-r2.1_trunk-20180914

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-7387

Products

Pricing

Contact Us