9

CVE-2019-13379

Exploit

EPSS 8.35%
Veröffentlicht 07.07.2019 16:15:10
Zuletzt bearbeitet 21.11.2024 04:24:49
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Avtech ≫ Room Alert 3e Firmware Version < 2.2.5

Avtech ≫ Room Alert 3e Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.35%	0.921

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010

https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/

Third Party Advisory

Exploit

https://www.youtube.com/watch?v=X1PY7kMFkVg

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-13379

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13379

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13379

EUVD