9.8

CVE-2019-3949

EPSS 0.5%
Published 09.07.2019 18:15:11
Last modified 21.11.2024 04:42:55
Source vulnreport@tenable.com
Teams watchlist Login
Open Login

Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Arlo ≫ Vmb3010 Firmware Version < 1.12.2.3_2762

Arlo ≫ Vmb3010 Version-

Arlo ≫ Vmb4000 Firmware Version < 1.12.2.3_2762

Arlo ≫ Vmb4000 Version-

Arlo ≫ Vmb3500 Firmware Version < 1.12.2.4_2773

Arlo ≫ Vmb3500 Version-

Arlo ≫ Vmb4500 Firmware Version < 1.12.2.4_2773

Arlo ≫ Vmb4500 Version-

Arlo ≫ Vmb5000 Firmware Version < 1.12.2.2_2824

Arlo ≫ Vmb5000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.5%	0.633

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://kb.arlo.com/000062274/Security-Advisory-for-Networking-Misconfiguration-and-Insufficient-UART-Protection-Mechanisms

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-3949

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3949

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3949

EUVD