Sign-up

ID

VAR-201907-0206


CVE

CVE-2019-9657


TITLE

Alarm.com ADC-V522IR Device access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006491

DESCRIPTION

Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device. This vulnerability CVE-2018-19588 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Alarm.com ADC-V522IR 0100b9 is an indoor network camera produced by Alarm.com in the United States. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

Trust: 1.71

sources: NVD: CVE-2019-9657 // JVNDB: JVNDB-2019-006491 // VULHUB: VHN-161092

IOT TAXONOMY

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:alarmmodel:adc-v522irscope:eqversion:0100b9

Trust: 1.0

vendor:alarm commodel:adc-v522irscope:eqversion:0100b9

Trust: 0.8

sources: JVNDB: JVNDB-2019-006491 // NVD: CVE-2019-9657

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9657
value: HIGH

Trust: 1.0

NVD: CVE-2019-9657
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-670
value: HIGH

Trust: 0.6

VULHUB: VHN-161092
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-9657
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-161092
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9657
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-161092 // JVNDB: JVNDB-2019-006491 // CNNVD: CNNVD-201907-670 // NVD: CVE-2019-9657

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-161092 // JVNDB: JVNDB-2019-006491 // NVD: CVE-2019-9657

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-670

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201907-670

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006491

PATCH
title:Alarm.com ADC-V522IRurl:https://www.alarmgrid.com/products/alarm-com-adc-v522ir
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006491

EXTERNAL IDS
db:NVDid:CVE-2019-9657
Trust: 2.6
db:JVNDBid:JVNDB-2019-006491
Trust: 0.8
db:CNNVDid:CNNVD-201907-670
Trust: 0.7
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-161092
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-161092 // 
            
            
            
            JVNDB: JVNDB-2019-006491 // 
            
            
            
            CNNVD: CNNVD-201907-670 // 
            
            
            
            NVD: CVE-2019-9657

REFERENCES
url:https://www.vfxcomputing.com/?cve-2019-9657
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-9657
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9657
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-161092 // 
            
            
            
            JVNDB: JVNDB-2019-006491 // 
            
            
            
            CNNVD: CNNVD-201907-670 // 
            
            
            
            NVD: CVE-2019-9657

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-161092
db:JVNDBid:JVNDB-2019-006491
db:CNNVDid:CNNVD-201907-670
db:NVDid:CVE-2019-9657

LAST UPDATE DATE
2025-01-30T22:19:04.850000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-161092date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-006491date:2019-07-22T00:00:00
db:CNNVDid:CNNVD-201907-670date:2020-08-25T00:00:00
db:NVDid:CVE-2019-9657date:2024-11-21T04:52:03.937

SOURCES RELEASE DATE
db:VULHUBid:VHN-161092date:2019-07-11T00:00:00
db:JVNDBid:JVNDB-2019-006491date:2019-07-22T00:00:00
db:CNNVDid:CNNVD-201907-670date:2019-07-11T00:00:00
db:NVDid:CVE-2019-9657date:2019-07-11T19:15:13.517