Sign-up

ID

VAR-201808-0459


CVE

CVE-2018-15479


TITLE

plural myStrom Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-010246

DESCRIPTION

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the cloud in device to cloud communication. This lack of device authentication allowed an attacker to impersonate any device by guessing or learning their MAC address. plural myStrom The product contains authentication vulnerabilities.Information may be obtained and information may be altered

Trust: 1.62

sources: NVD: CVE-2018-15479 // JVNDB: JVNDB-2018-010246

IOT TAXONOMY

category:['network device']sub_category:switch

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:mystrommodel:wifi bulbscope:ltversion:2.58

Trust: 1.8

vendor:mystrommodel:wifi button plusscope:ltversion:2.73

Trust: 1.8

vendor:mystrommodel:wifi buttonscope:ltversion:2.73

Trust: 1.8

vendor:mystrommodel:wifi led stripscope:ltversion:3.80

Trust: 1.8

vendor:mystrommodel:wifi switch euscope:ltversion:3.80

Trust: 1.8

vendor:mystrommodel:wifi switchscope:ltversion:3.80

Trust: 1.0

vendor:mystrommodel:wifi switchscope:ltversion:2.66

Trust: 1.0

vendor:mystrommodel:wifi switchscope:ltversion:v1 2.66

Trust: 0.8

vendor:mystrommodel:wifi switchscope:ltversion:v2 3.80

Trust: 0.8

sources: JVNDB: JVNDB-2018-010246 // NVD: CVE-2018-15479

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15479
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15479
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201808-970
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-15479
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-15479
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-010246 // CNNVD: CNNVD-201808-970 // NVD: CVE-2018-15479

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-010246 // NVD: CVE-2018-15479

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-970

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201808-970

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010246

PATCH
title:Top Pageurl:https://mystrom.ch/
Trust: 0.8
title:Multiple myStrom WiFi Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84385
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-010246 // 
            
            
            
            CNNVD: CNNVD-201808-970

EXTERNAL IDS
db:NVDid:CVE-2018-15479
Trust: 2.5
db:JVNDBid:JVNDB-2018-010246
Trust: 0.8
db:CNNVDid:CNNVD-201808-970
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            JVNDB: JVNDB-2018-010246 // 
            
            
            
            CNNVD: CNNVD-201808-970 // 
            
            
            
            NVD: CVE-2018-15479

REFERENCES
url:https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt
Trust: 2.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15479
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15479
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            JVNDB: JVNDB-2018-010246 // 
            
            
            
            CNNVD: CNNVD-201808-970 // 
            
            
            
            NVD: CVE-2018-15479

SOURCES
db:OTHERid: - 
db:JVNDBid:JVNDB-2018-010246
db:CNNVDid:CNNVD-201808-970
db:NVDid:CVE-2018-15479

LAST UPDATE DATE
2025-01-30T19:53:13.885000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2018-010246date:2018-12-10T00:00:00
db:CNNVDid:CNNVD-201808-970date:2018-08-31T00:00:00
db:NVDid:CVE-2018-15479date:2024-11-21T03:50:54.050

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2018-010246date:2018-12-10T00:00:00
db:CNNVDid:CNNVD-201808-970date:2018-08-31T00:00:00
db:NVDid:CVE-2018-15479date:2018-08-30T17:29:01.503