From d74d3f53c029deb39837784bcc419dfff4b6067e Mon Sep 17 00:00:00 2001 From: yinnping Date: Wed, 25 Sep 2019 21:14:48 +0800 Subject: [PATCH] Adding TWCERT/CC CVE-2019-15067 CVE-2019-15068 CVE-2019-15069 --- 2019/15xxx/CVE-2019-15067.json | 83 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15068.json | 83 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15069.json | 83 ++++++++++++++++++++++++++++++++++ 3 files changed, 249 insertions(+) create mode 100644 2019/15xxx/CVE-2019-15067.json create mode 100644 2019/15xxx/CVE-2019-15068.json create mode 100644 2019/15xxx/CVE-2019-15069.json diff --git a/2019/15xxx/CVE-2019-15067.json b/2019/15xxx/CVE-2019-15067.json new file mode 100644 index 00000000000..94dd2017493 --- /dev/null +++ b/2019/15xxx/CVE-2019-15067.json @@ -0,0 +1,83 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@cert.org.tw", + "DATE_PUBLIC": "2019-09-24T16:00:00.000Z", + "ID": "CVE-2019-15067", + "STATE": "PUBLIC", + "TITLE": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Smart Battery A2-25DE", + "version": { + "version_data": [ + { + "version_affected": "?<=", + "version_name": "Firmware", + "version_value": "SECFS-2013-10-16-13:42:58-629c30ee-60c68be6" + } + ] + } + } + ] + }, + "vendor_name": "Gigastone" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng, Julian Chen" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908002", + "refsource": "CONFIRM", + "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908002" + }, + { + "name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=44", + "refsource": "CONFIRM", + "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=44" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15068.json b/2019/15xxx/CVE-2019-15068.json new file mode 100644 index 00000000000..8504923c1ca --- /dev/null +++ b/2019/15xxx/CVE-2019-15068.json @@ -0,0 +1,83 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@cert.org.tw", + "DATE_PUBLIC": "2019-09-24T16:00:00.000Z", + "ID": "CVE-2019-15068", + "STATE": "PUBLIC", + "TITLE": "A broken access control vulnerability discovered in Smart Battery A4" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Smart Battery A4", + "version": { + "version_data": [ + { + "version_affected": "?<=", + "version_name": "Firmware", + "version_value": "r1.7.9" + } + ] + } + } + ] + }, + "vendor_name": "Gigastone" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003", + "refsource": "CONFIRM", + "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003" + }, + { + "name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=45", + "refsource": "CONFIRM", + "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=45" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15069.json b/2019/15xxx/CVE-2019-15069.json new file mode 100644 index 00000000000..2207f89e3a3 --- /dev/null +++ b/2019/15xxx/CVE-2019-15069.json @@ -0,0 +1,83 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@cert.org.tw", + "DATE_PUBLIC": "2019-09-24T16:00:00.000Z", + "ID": "CVE-2019-15069", + "STATE": "PUBLIC", + "TITLE": "An unsafe authentication interface was discovered in Smart Battery A4" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Smart Battery A4", + "version": { + "version_data": [ + { + "version_affected": "?<=", + "version_name": "Firmware", + "version_value": "r1.7.9" + } + ] + } + } + ] + }, + "vendor_name": "Gigastone" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unsafe authentication interface" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004", + "refsource": "CONFIRM", + "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004" + }, + { + "name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=46", + "refsource": "CONFIRM", + "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=46" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + } +} \ No newline at end of file