Sign-up

ID

VAR-201904-0918


CVE

CVE-2019-11414


TITLE

Intelbras IWR 3000N Vulnerability related to password management function in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-003553

DESCRIPTION

An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router. Intelbras IWR 3000N The device contains a vulnerability related to the password management function.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intelbras IWR 3000N is a wireless router produced by Intelbras in Poland. There is an authorization problem vulnerability in Intelbras IWR 3000N version 1.5.0. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 1.71

sources: NVD: CVE-2019-11414 // JVNDB: JVNDB-2019-003553 // VULHUB: VHN-143058

AFFECTED PRODUCTS

vendor:intelbrasmodel:iwr 3000nscope:eqversion:1.5.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-003553 // NVD: CVE-2019-11414

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11414
value: HIGH

Trust: 1.0

NVD: CVE-2019-11414
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-1028
value: HIGH

Trust: 0.6

VULHUB: VHN-143058
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11414
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-143058
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11414
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-143058 // JVNDB: JVNDB-2019-003553 // CNNVD: CNNVD-201904-1028 // NVD: CVE-2019-11414

PROBLEMTYPE DATA

problemtype:CWE-640

Trust: 1.9

sources: VULHUB: VHN-143058 // JVNDB: JVNDB-2019-003553 // NVD: CVE-2019-11414

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1028

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201904-1028

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003553

PATCH
title:IWR 3000Nurl:https://www.intelbras.com/pt-br/roteador-wireless-com-ipv6-iwr-3000n
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-003553

EXTERNAL IDS
db:NVDid:CVE-2019-11414
Trust: 2.5
db:JVNDBid:JVNDB-2019-003553
Trust: 0.8
db:CNNVDid:CNNVD-201904-1028
Trust: 0.7
db:VULHUBid:VHN-143058
Trust: 0.1
sources:
            
            
            VULHUB: VHN-143058 // 
            
            
            
            JVNDB: JVNDB-2019-003553 // 
            
            
            
            CNNVD: CNNVD-201904-1028 // 
            
            
            
            NVD: CVE-2019-11414

REFERENCES
url:http://1.337.zone/2019/04/07/intelbras-iwr-3000n-1-5-0-unproper-de-authorization/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-11414
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11414
Trust: 0.8
sources:
            
            
            VULHUB: VHN-143058 // 
            
            
            
            JVNDB: JVNDB-2019-003553 // 
            
            
            
            CNNVD: CNNVD-201904-1028 // 
            
            
            
            NVD: CVE-2019-11414

SOURCES
db:VULHUBid:VHN-143058
db:JVNDBid:JVNDB-2019-003553
db:CNNVDid:CNNVD-201904-1028
db:NVDid:CVE-2019-11414

LAST UPDATE DATE
2024-11-23T23:11:53.511000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-143058date:2019-04-22T00:00:00
db:JVNDBid:JVNDB-2019-003553date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-1028date:2019-04-23T00:00:00
db:NVDid:CVE-2019-11414date:2024-11-21T04:21:04.067

SOURCES RELEASE DATE
db:VULHUBid:VHN-143058date:2019-04-22T00:00:00
db:JVNDBid:JVNDB-2019-003553date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-1028date:2019-04-22T00:00:00
db:NVDid:CVE-2019-11414date:2019-04-22T11:29:05.283