8.8

CVE-2019-15745

Exploit

EPSS 0.19%
Veröffentlicht 29.08.2019 13:15:11
Zuletzt bearbeitet 21.11.2024 04:29:23
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart plugs in a network, take over control of a device, and perform actions such as turning it on and off.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Equeshome ≫ Elf Smart Plug Firmware Version-

Equeshome ≫ Elf Smart Plug Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.379

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://github.com/iamckn/eques

Third Party Advisory

Exploit

https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-four/

Third Party Advisory

Exploit

https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-one/

Third Party Advisory

Exploit

https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-three/

Third Party Advisory

Exploit

https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-two/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-15745

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-15745

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-15745

EUVD