Description
A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- network
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-77
Metadata
- Primary Vendor
- 360
- Published
- 11/4/2019
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
360 : safe_router_p0_firmware360 : safe_router_p1_firmware360 : safe_router_p2_firmware360 : safe_router_p3_firmware360 : safe_router_p4_firmware
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.