{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-04-04T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-05T18:35:19.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/warringaa/CVEs#glory-systems-rbw-100"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-10478", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/warringaa/CVEs#glory-systems-rbw-100", "refsource": "MISC", "url": "https://github.com/warringaa/CVEs#glory-systems-rbw-100"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:24:18.609Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/warringaa/CVEs#glory-systems-rbw-100"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-10478", "datePublished": "2019-04-05T18:35:19.000Z", "dateReserved": "2019-03-29T00:00:00.000Z", "dateUpdated": "2024-08-04T22:24:18.609Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:glory-global:rbw-100_firmware:isp-k05-02_7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5094CA26-FEBC-4328-BAD4-3548231E05B5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:glory-global:rbw-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "6395F6E8-6C64-4DE7-B7BC-67DE9E4C8BF8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell."}, {"lang": "es", "value": "Se ha descubierto un problema con el firmware ISP-K05-02 7.0.0 en dispositivos de Glory RBW-100. Una vulnerabilidad de subida de archivos sin restricciones en el controlador \"Front Circle\" en glytoolcgi/settingfile_upload.cgi permite que los atacantes suban datos proporcionados. Esta vulnerabilidad se puede utilizar para introducir c\u00f3digo controlado por el atacante en el sistema de archivos para que se ejecute, lo cual puede conducir a un shell root inverso."}], "id": "CVE-2019-10478", "lastModified": "2024-11-21T04:19:13.353", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-05T19:29:00.217", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/warringaa/CVEs#glory-systems-rbw-100"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/warringaa/CVEs#glory-systems-rbw-100"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}