CVE-2019-6962

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-6962

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6962.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-6962

Published

2019-06-20T14:15:11.110Z

Modified

2026-03-12T23:17:28.945607Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A shell injection issue in cosawifiapis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLEFEATUREMESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module.

References

https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open

Affected packages

Git / github.com/rdkcmf/rdkb-ccsppandm

Affected ranges

Type

GIT

Repo

https://github.com/rdkcmf/rdkb-ccsppandm

Events

Introduced

Last affected

8a7ae1ac0b29785bae165760e340c245f9d2d5e3

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "rdkb-20181217-1"
        }
    ]
}

Affected versions

Other

IMPORT_INITIAL

RDKB-20181114

RDKB-20181114-1

RDKB-20181115

RDKB-20181217

RDKB-20181217-1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6962.json"