Details of VAR-201905-1153

ID

VAR-201905-1153

CVE

CVE-2019-11561

TITLE

plural Chuango Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004420

DESCRIPTION

The Chuango 433 MHz burglar-alarm product line is vulnerable to a Denial of Service attack. When the condition is triggered, the OV2 base station is unable to process sensor states and effectively prevents the alarm from setting off, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System. plural Chuango The product contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Chuango Wifi Alarm System, etc. are a set of security alarm systems of China Chuango Company. Security flaws exist in several Chuango products. The following products and versions are affected: Chuango Wifi Alarm System (all versions); Chuango Wifi/Cellular Smart Home System H4 Plus (all versions); Wifi Alarm System AWV Plus (all versions); G5W 3G (all versions); GSM/SMS /RFID Touch Alarm System G5 Plus (all versions); Chuango GSM/SMS Alarm System G3 (all versions); G5W (all versions); Dual-Network Alarm System B11 (all versions); PSTN Alarm System A8 (all versions); PSTN/LCD/RFID Touch Alarm System A11 (all versions); CG-105S On-Site Alarm System (all versions)

Trust: 1.71

sources: NVD: CVE-2019-11561 // JVNDB: JVNDB-2019-004420 // VULHUB: VHN-143220

AFFECTED PRODUCTS

vendor:	chuango	model:	h4 plus	scope:	eq	version:	*	Trust: 1.0
vendor:	chuango	model:	cg-105s	scope:	eq	version:	*	Trust: 1.0
vendor:	chuango	model:	a11	scope:	eq	version:	*	Trust: 1.0
vendor:	chuango	model:	awv plus	scope:	eq	version:	*	Trust: 1.0
vendor:	chuango	model:	b11	scope:	eq	version:	*	Trust: 1.0
vendor:	chuango	model:	g5w	scope:	eq	version:	*	Trust: 1.0
vendor:	chuango	model:	g5w 3g	scope:	eq	version:	*	Trust: 1.0
vendor:	chuango	model:	g5 plus	scope:	eq	version:	*	Trust: 1.0
vendor:	chuango	model:	g3	scope:	eq	version:	*	Trust: 1.0
vendor:	chuango	model:	a8	scope:	eq	version:	*	Trust: 1.0
vendor:	chuango security corp	model:	a11	scope:	-	version:	-	Trust: 0.8
vendor:	chuango security corp	model:	a8	scope:	-	version:	-	Trust: 0.8
vendor:	chuango security corp	model:	awv plus	scope:	-	version:	-	Trust: 0.8
vendor:	chuango security corp	model:	b11	scope:	-	version:	-	Trust: 0.8
vendor:	chuango security corp	model:	cg-105s	scope:	-	version:	-	Trust: 0.8
vendor:	chuango security corp	model:	g3	scope:	-	version:	-	Trust: 0.8
vendor:	chuango security corp	model:	g5 plus	scope:	-	version:	-	Trust: 0.8
vendor:	chuango security corp	model:	g5w 3g	scope:	-	version:	-	Trust: 0.8
vendor:	chuango security corp	model:	g5w	scope:	-	version:	-	Trust: 0.8
vendor:	chuango security corp	model:	h4 plus	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-004420 // NVD: CVE-2019-11561

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11561
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-11561
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-200
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-143220
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-11561
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-143220
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-11561
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-143220 // JVNDB: JVNDB-2019-004420 // CNNVD: CNNVD-201905-200 // NVD: CVE-2019-11561

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-143220 // JVNDB: JVNDB-2019-004420 // NVD: CVE-2019-11561

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-200

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201905-200

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004420

PATCH

title:

Top Page

url:

http://www.chuango.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-004420

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11561	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-004420	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-200	Trust: 0.7
db:	VULHUB	id:	VHN-143220	Trust: 0.1

sources: VULHUB: VHN-143220 // JVNDB: JVNDB-2019-004420 // CNNVD: CNNVD-201905-200 // NVD: CVE-2019-11561

REFERENCES

url:	https://github.com/riiecco/write-ups/tree/master/cve-2019-11561	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11561	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11561	Trust: 0.8

sources: VULHUB: VHN-143220 // JVNDB: JVNDB-2019-004420 // CNNVD: CNNVD-201905-200 // NVD: CVE-2019-11561

SOURCES

db:	VULHUB	id:	VHN-143220
db:	JVNDB	id:	JVNDB-2019-004420
db:	CNNVD	id:	CNNVD-201905-200
db:	NVD	id:	CVE-2019-11561

LAST UPDATE DATE

2024-11-23T22:25:56.017000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-143220	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-004420	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201905-200	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-11561	date:	2024-11-21T04:21:21.170

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-143220	date:	2019-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-004420	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201905-200	date:	2019-05-08T00:00:00
db:	NVD	id:	CVE-2019-11561	date:	2019-05-08T16:29:00.407