360 router series products version V2.0.61.58897 Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) Vulnerability

Summary

A command injection vulnerability exists when the authorized user passes a crafted parameter to the background process in the router. 

 

 

 

 

 

 

 

 

 

Credit:

The information has been provided by Vendor

The original article can be found at:https://security.360.cn/News/news/id/188.html

 


Details

This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897.

 

Vulnerable Systems:

360 router series products version V2.0.61.58897

 

CVE Information:

CVE-2018-19031

 

Disclosure Timeline:
Published Date: 11/04/2019