{"id":"CVE-2019-6962","details":"A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module.","modified":"2026-04-11T21:03:18.587455Z","published":"2019-06-20T14:15:11.110Z","references":[{"type":"ADVISORY","url":"https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rdkcmf/rdkb-ccsppandm","events":[{"introduced":"0"},{"last_affected":"8a7ae1ac0b29785bae165760e340c245f9d2d5e3"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"rdkb-20181217-1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:rdkcentral:rdkb_ccsppandm:rdkb-20181217-1:*:*:*:*:*:*:*"}}],"versions":["IMPORT_INITIAL","RDKB-20181114","RDKB-20181114-1","RDKB-20181115","RDKB-20181217","RDKB-20181217-1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6962.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}