CVE-2019-12941

Exploit

EPSS 2.38%
Veröffentlicht 14.10.2019 18:15:10
Zuletzt bearbeitet 21.11.2024 04:23:52
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output (input is only 8 characters), which allows an attacker to deduce the WiFi password from the WiFi SSID.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Autopi ≫ Wi-fi/nb Firmware Version < 2019-10-15

Autopi ≫ Wi-fi/nb Version-

Autopi ≫ 4g/lte Firmware Version < 2019-10-15

Autopi ≫ 4g/lte Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.38%	0.817

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

http://www.diva-portal.org/smash/get/diva2:1334244/FULLTEXT01.pdf

Third Party Advisory

Exploit

https://www.kth.se/nse/research/software-systems-architecture-and-security/

Third Party Advisory

https://www.kth.se/polopoly_fs/1.931922.1571071632%21/Burdzovic_Matsson_dongle_v2.pdf

https://nvd.nist.gov/vuln/detail/CVE-2019-12941

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12941

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12941

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-12941