Sign-up

ID

VAR-201903-0288


CVE

CVE-2019-9659


TITLE

plural Chuango Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-002406

DESCRIPTION

The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System. plural Chuango The product contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Chuango Wifi Alarm System, etc. are a set of security alarm systems of China Chuango Company. There is a security vulnerability in the 433MHz RF interface in several Chuango products, which is caused by the use of static code in the program. An attacker could exploit this vulnerability to trigger an alarm or cause other harm. The following products are affected: Chuango Wifi Alarm System (all versions); Wifi/Cellular Smart Home System H4 Plus (all versions); Wifi Alarm System AWV Plus (all versions); G5W 3G (all versions); GSM/SMS/RFID Touch Alarm System G5 Plus (all versions); GSM/SMS Alarm System G3 (all versions); G5W (all versions); Dual-Network Alarm System B11 (all versions); PSTN Alarm System A8 (all versions); PSTN/LCD/ RFID Touch Alarm System A11 (all versions); CG-105S On-Site Alarm System (all versions)

Trust: 1.71

sources: NVD: CVE-2019-9659 // JVNDB: JVNDB-2019-002406 // VULHUB: VHN-161094

AFFECTED PRODUCTS

vendor:chuangomodel:cg-105s on-site alarm systemscope:eqversion: -

Trust: 1.0

vendor:chuangomodel:g3 gsm\/sms alarm systemscope:eqversion: -

Trust: 1.0

vendor:chuangomodel:wifi alarm systemscope:eqversion: -

Trust: 1.0

vendor:eminentmodel:em8617 ov2 wifi alarm systemscope:eqversion: -

Trust: 1.0

vendor:chuangomodel:awv plus wifi alarm systemscope:eqversion: -

Trust: 1.0

vendor:chuangomodel:a8 pstn alarm systemscope:eqversion: -

Trust: 1.0

vendor:chuangomodel:wifi\/cellular smart home system h4 plusscope:eqversion: -

Trust: 1.0

vendor:chuangomodel:g5w 3gscope:eqversion: -

Trust: 1.0

vendor:chuangomodel:a11 pstn\/lcd\/rfid touch alarm systemscope:eqversion: -

Trust: 1.0

vendor:chuangomodel:b11 dual-network alarm systemscope:eqversion: -

Trust: 1.0

vendor:chuangomodel:g5 plus gsm\/sms\/rfid touch alarm systemscope:eqversion: -

Trust: 1.0

vendor:chuango security corpmodel:cg-105s on-site alarm systemscope: - version: -

Trust: 0.8

vendor:chuango security corpmodel:dual-network alarm system b11scope: - version: -

Trust: 0.8

vendor:chuango security corpmodel:g5w 3gscope: - version: -

Trust: 0.8

vendor:chuango security corpmodel:gsm/sms alarm system g3scope: - version: -

Trust: 0.8

vendor:chuango security corpmodel:gsm/sms/rfid touch alarm system g5 plusscope: - version: -

Trust: 0.8

vendor:chuango security corpmodel:pstn alarm system a8scope: - version: -

Trust: 0.8

vendor:chuango security corpmodel:pstn/lcd/rfid touch alarm system a11scope: - version: -

Trust: 0.8

vendor:chuango security corpmodel:wifi alarm system awv plusscope: - version: -

Trust: 0.8

vendor:chuango security corpmodel:wifi alarm systemscope: - version: -

Trust: 0.8

vendor:chuango security corpmodel:wifi/cellular smart home system h4 plusscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-002406 // NVD: CVE-2019-9659

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9659
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-9659
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201903-327
value: CRITICAL

Trust: 0.6

VULHUB: VHN-161094
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-9659
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-161094
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9659
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-161094 // JVNDB: JVNDB-2019-002406 // CNNVD: CNNVD-201903-327 // NVD: CVE-2019-9659

PROBLEMTYPE DATA

problemtype:CWE-294

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-161094 // JVNDB: JVNDB-2019-002406 // NVD: CVE-2019-9659

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-327

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-327

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002406

PATCH
title:Top Pageurl:http://www.chuango.com
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-002406

EXTERNAL IDS
db:NVDid:CVE-2019-9659
Trust: 2.5
db:JVNDBid:JVNDB-2019-002406
Trust: 0.8
db:CNNVDid:CNNVD-201903-327
Trust: 0.7
db:VULHUBid:VHN-161094
Trust: 0.1
sources:
            
            
            VULHUB: VHN-161094 // 
            
            
            
            JVNDB: JVNDB-2019-002406 // 
            
            
            
            CNNVD: CNNVD-201903-327 // 
            
            
            
            NVD: CVE-2019-9659

REFERENCES
url:https://github.com/riiecco/write-ups/tree/master/cve-2019-9659
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-9659
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9659
Trust: 0.8
sources:
            
            
            VULHUB: VHN-161094 // 
            
            
            
            JVNDB: JVNDB-2019-002406 // 
            
            
            
            CNNVD: CNNVD-201903-327 // 
            
            
            
            NVD: CVE-2019-9659

SOURCES
db:VULHUBid:VHN-161094
db:JVNDBid:JVNDB-2019-002406
db:CNNVDid:CNNVD-201903-327
db:NVDid:CVE-2019-9659

LAST UPDATE DATE
2024-11-23T22:45:05.816000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-161094date:2019-03-12T00:00:00
db:JVNDBid:JVNDB-2019-002406date:2019-04-08T00:00:00
db:CNNVDid:CNNVD-201903-327date:2021-07-26T00:00:00
db:NVDid:CVE-2019-9659date:2024-11-21T04:52:04.237

SOURCES RELEASE DATE
db:VULHUBid:VHN-161094date:2019-03-11T00:00:00
db:JVNDBid:JVNDB-2019-002406date:2019-04-08T00:00:00
db:CNNVDid:CNNVD-201903-327date:2019-03-11T00:00:00
db:NVDid:CVE-2019-9659date:2019-03-11T15:29:00.247