Sign-up

ID

VAR-201903-0536


CVE

CVE-2019-9483


TITLE

Amazon Ring Doorbell Vulnerabilities related to cryptographic strength

Trust: 0.8

sources: JVNDB: JVNDB-2019-002117

DESCRIPTION

Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door. Amazon Ring Doorbell Contains a cryptographic strength vulnerability.Information may be obtained and information may be altered

Trust: 1.62

sources: NVD: CVE-2019-9483 // JVNDB: JVNDB-2019-002117

AFFECTED PRODUCTS

vendor:amazonmodel:ring video doorbellscope:ltversion:3.4.7

Trust: 1.0

vendor:amazon commodel:ring video doorbellscope:ltversion:3.4.7

Trust: 0.8

sources: JVNDB: JVNDB-2019-002117 // NVD: CVE-2019-9483

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9483
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-9483
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201903-005
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-9483
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-9483
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-002117 // CNNVD: CNNVD-201903-005 // NVD: CVE-2019-9483

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.0

problemtype:CWE-326

Trust: 0.8

sources: JVNDB: JVNDB-2019-002117 // NVD: CVE-2019-9483

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-005

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201903-005

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002117

PATCH
title:Top Pageurl:https://ring.com/
Trust: 0.8
title:Amazon Ring Doorbell Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89819
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-002117 // 
            
            
            
            CNNVD: CNNVD-201903-005

EXTERNAL IDS
db:NVDid:CVE-2019-9483
Trust: 2.4
db:JVNDBid:JVNDB-2019-002117
Trust: 0.8
db:CNNVDid:CNNVD-201903-005
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-002117 // 
            
            
            
            CNNVD: CNNVD-201903-005 // 
            
            
            
            NVD: CVE-2019-9483

REFERENCES
url:https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/
Trust: 2.4
url:https://www.theverge.com/2019/2/27/18243296/ring-doorbell-hacked-fake-images-security-experts
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-9483
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9483
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-002117 // 
            
            
            
            CNNVD: CNNVD-201903-005 // 
            
            
            
            NVD: CVE-2019-9483

SOURCES
db:JVNDBid:JVNDB-2019-002117
db:CNNVDid:CNNVD-201903-005
db:NVDid:CVE-2019-9483

LAST UPDATE DATE
2024-11-23T21:52:27.382000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2019-002117date:2019-04-03T00:00:00
db:CNNVDid:CNNVD-201903-005date:2021-07-26T00:00:00
db:NVDid:CVE-2019-9483date:2024-11-21T04:51:42.390

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2019-002117date:2019-04-03T00:00:00
db:CNNVDid:CNNVD-201903-005date:2019-03-01T00:00:00
db:NVDid:CVE-2019-9483date:2019-03-01T05:29:01.133