mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
413 lines
12 KiB
JSON
413 lines
12 KiB
JSON
{
|
|
"id": "CVE-2019-9659",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2019-03-11T15:29:00.247",
|
|
"lastModified": "2021-07-21T11:39:23.747",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "La l\u00ednea de alarmas de antirrobo de 433 MHz de Chuango utiliza c\u00f3digo est\u00e1tico en el control RF remoto, permitiendo a un atacante armar, desarmar, o desencadenar la alarma de manera remota mediante ataques de reproducci\u00f3n, tal y como queda demostrado con los productos Chuango patentados y sus dem\u00e1s productos como el sistema de alarmas por wifi EM8617 OV2."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.1,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.2
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 6.4
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 4.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-294"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:chuango:wifi_alarm_system_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E9B80ADC-00EE-448B-BEBB-71DD94E996C9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:chuango:wifi_alarm_system:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "44611F9D-70AC-4E48-8354-012C2ECFADCE"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:chuango:wifi\\/cellular_smart_home_system_h4_plus_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AE061D9D-7165-4D77-9754-5CE5D72A5AA4"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:chuango:wifi\\/cellular_smart_home_system_h4_plus:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "18F33986-02BE-4432-B2B6-533268B349C4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:chuango:awv_plus_wifi_alarm_system_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B928D182-1F5E-4737-9D78-5BA47C56DDD1"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:chuango:awv_plus_wifi_alarm_system:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "542967D5-1046-4986-AD09-E670CAF965FB"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:chuango:g5w_3g_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1C0277B5-3ADE-4B28-915F-C1F7F56B7546"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:chuango:g5w_3g:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4DFB1915-79B1-4C4B-99F0-E3842513D490"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:chuango:g5_plus_gsm\\/sms\\/rfid_touch_alarm_system_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "04E7D9C8-AF36-4993-B96E-EEF51F33CD2B"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:chuango:g5_plus_gsm\\/sms\\/rfid_touch_alarm_system:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B14A21B7-7616-4650-AA20-CC030C6227A7"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:chuango:g3_gsm\\/sms_alarm_system_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BEAB8117-4951-47BD-8343-A8E8373EBE39"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:chuango:g3_gsm\\/sms_alarm_system:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FD5F3111-1708-43AC-B023-CFC15CEC24AB"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:chuango:g5w_3g_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1C0277B5-3ADE-4B28-915F-C1F7F56B7546"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:chuango:g5w_3g:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4DFB1915-79B1-4C4B-99F0-E3842513D490"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:chuango:b11_dual-network_alarm_system_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "028CE8F9-8A5C-4FFB-928F-0D3C46AD2E4D"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:chuango:b11_dual-network_alarm_system:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "75F01FFF-47A6-4042-BEC7-205E7EAD3D02"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:chuango:a8_pstn_alarm_system_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "42CFD52D-6D88-4C90-9E46-026CE4AF0624"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:chuango:a8_pstn_alarm_system:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8FDDA44A-D74C-4B3A-A617-41130DA37C11"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:chuango:a11_pstn\\/lcd\\/rfid_touch_alarm_system_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A78DF59F-75C5-4EFD-8A89-DFDBFAAABF5D"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:chuango:a11_pstn\\/lcd\\/rfid_touch_alarm_system:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "097E0DBA-4EB8-4E05-8A5C-EE73BEF48AC7"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:chuango:cg-105s_on-site_alarm_system_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3495C003-1B3C-42AB-9616-1FD266A90A7F"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:chuango:cg-105s_on-site_alarm_system:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D4814C26-3F89-4849-9E9E-485B5FC0BD68"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:eminent:em8617_ov2_wifi_alarm_system_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F307DB70-72EF-4F92-89E5-C6FFDC1B59EA"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:eminent:em8617_ov2_wifi_alarm_system:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "01959745-EAEC-4F61-85DD-68E6C81EB664"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2019-9659",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |