ID

VAR-201903-1400


CVE

CVE-2019-10657


TITLE

Information disclosure vulnerability in Grandstream GWN7000 and GWN7610 devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-003085

DESCRIPTION

Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. Grandstream GWN7000 and GWN7610 devices contain an information disclosure vulnerability. Information may be obtained. Both Grandstream GWN7610 and Grandstream GWN7000 are products of Grandstream. Grandstream GWN7610 is a wireless access point device. Grandstream GWN7000 is an enterprise VPN router. The vulnerability stems from configuration errors during the operation of the network system or product. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component.

Trust: 2.16

sources: NVD: CVE-2019-10657 // JVNDB: JVNDB-2019-003085 // CNVD: CNVD-2019-42875

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-42875

AFFECTED PRODUCTS

vendor: grandstream, model: gwn7000, scope: lt, version: 1.0.6.32

Trust: 1.8

vendor: grandstream, model: gwn7610, scope: lt, version: 1.0.8.18

Trust: 1.8

vendor: grandstream, model: gwn7610, scope: lt, version: 1.0.6.32

Trust: 0.6

vendor: grandstream, model: gwn7000, scope: lt, version: 1.0.8.18

Trust: 0.6

sources: CNVD: CNVD-2019-42875 // JVNDB: JVNDB-2019-003085 // NVD: CVE-2019-10657

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10657
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-10657
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-42875
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201903-1222
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-10657
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-42875
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10657
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-10657
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-42875 // JVNDB: JVNDB-2019-003085 // CNNVD: CNNVD-201903-1222 // NVD: CVE-2019-10657

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-003085 // NVD: CVE-2019-10657

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1222

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201903-1222

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003085

PATCH

title: Top Page, url: http://www.grandstream.com/

Trust: 0.8

title: Patch for Grandstream GWN7000 and Grandstream GWN7610 Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/192491

Trust: 0.6

title: Grandstream GWN7610 and Grandstream GWN7000 Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90906

Trust: 0.6

sources: CNVD: CNVD-2019-42875 // JVNDB: JVNDB-2019-003085 // CNNVD: CNNVD-201903-1222

EXTERNAL IDS

db: NVD, id: CVE-2019-10657

Trust: 3.0

db: JVNDB, id: JVNDB-2019-003085

Trust: 0.8

db: CNVD, id: CNVD-2019-42875

Trust: 0.6

db: CNNVD, id: CNNVD-201903-1222

Trust: 0.6

sources: CNVD: CNVD-2019-42875 // JVNDB: JVNDB-2019-003085 // CNNVD: CNNVD-201903-1222 // NVD: CVE-2019-10657

REFERENCES

url: https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2019-10657

Trust: 2.0

url: https://github.com/scarvell/grandstream_exploits

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10657

Trust: 0.8

sources: CNVD: CNVD-2019-42875 // JVNDB: JVNDB-2019-003085 // CNNVD: CNNVD-201903-1222 // NVD: CVE-2019-10657

SOURCES

db: CNVD, id: CNVD-2019-42875
db: JVNDB, id: JVNDB-2019-003085
db: CNNVD, id: CNNVD-201903-1222
db: NVD, id: CVE-2019-10657

LAST UPDATE DATE

2024-11-23T22:30:07.385000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-42875, date: 2019-11-29T00:00:00
db: JVNDB, id: JVNDB-2019-003085, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201903-1222, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-10657, date: 2024-11-21T04:19:41.440

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-42875, date: 2019-11-29T00:00:00
db: JVNDB, id: JVNDB-2019-003085, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201903-1222, date: 2019-03-30T00:00:00
db: NVD, id: CVE-2019-10657, date: 2019-03-30T17:29:00.480