ID
CVE
TITLE
Htek UC902 VoIP phone Buffer error vulnerability
sources:
JVNDB: JVNDB-2019-006649 //
CNNVD: CNNVD-201907-1173
DESCRIPTION
The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user. Htek UC902 VoIP phone Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HtekUC902VoIPphone is an IP phone from China's Hantek Technology (Htek). A buffer overflow vulnerability exists in the web management interface in the HtekUC902 VoIPphone using firmware version 2.0.4.4.46. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow
sources:
NVD: CVE-2019-12325 //
JVNDB: JVNDB-2019-006649 //
CNVD: CNVD-2019-23997 //
VULHUB: VHN-144060
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | |
sources:
CNVD: CNVD-2019-23997
AFFECTED PRODUCTS
| vendor: | htek | model: | uc902 | scope: | eq | version: | 2.0.4.4.46 | |
| vendor: | htek | model: | uc902 voip phone | scope: | eq | version: | 2.0.4.4.46 | |
sources:
CNVD: CNVD-2019-23997 //
JVNDB: JVNDB-2019-006649 //
NVD: CVE-2019-12325
CVSS
SEVERITY | CVSSV2 | CVSSV3 |
| nvd@nist.gov: | CVE-2019-12325 | |
|
| value: | HIGH | | | cve@mitre.org: | CVE-2019-12325 | |
|
| value: | HIGH | | | NVD: | CVE-2019-12325 | |
|
| value: | HIGH | | | CNVD: | CNVD-2019-23997 | |
|
| value: | HIGH | | | CNNVD: | CNNVD-201907-1173 | |
|
| value: | HIGH | | | VULHUB: | VHN-144060 | |
|
| value: | HIGH | |
| | nvd@nist.gov: | CVE-2019-12325 | |
|
| severity: | HIGH | | baseScore: | 9.0 | | vectorString: | AV:N/AC:L/AU:S/C:C/I:C/A:C | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | SINGLE | | confidentialityImpact: | COMPLETE | | integrityImpact: | COMPLETE | | availabilityImpact: | COMPLETE | | exploitabilityScore: | 8.0 | | impactScore: | 10.0 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | CNVD: | CNVD-2019-23997 | |
|
| severity: | HIGH | | baseScore: | 9.0 | | vectorString: | AV:N/AC:L/AU:S/C:C/I:C/A:C | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | SINGLE | | confidentialityImpact: | COMPLETE | | integrityImpact: | COMPLETE | | availabilityImpact: | COMPLETE | | exploitabilityScore: | 8.0 | | impactScore: | 10.0 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | VULHUB: | VHN-144060 | |
|
| severity: | HIGH | | baseScore: | 9.0 | | vectorString: | AV:N/AC:L/AU:S/C:C/I:C/A:C | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | SINGLE | | confidentialityImpact: | COMPLETE | | integrityImpact: | COMPLETE | | availabilityImpact: | COMPLETE | | exploitabilityScore: | 8.0 | | impactScore: | 10.0 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | |
| | nvd@nist.gov: | CVE-2019-12325 | |
|
| baseSeverity: | HIGH | | baseScore: | 8.8 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | LOW | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | 2.8 | | impactScore: | 5.9 | | version: | 3.1 | | | cve@mitre.org: | CVE-2019-12325 | |
|
| baseSeverity: | HIGH | | baseScore: | 8.2 | | vectorString: | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H | | attackVector: | ADJACENT | | attackComplexity: | LOW | | privilegesRequired: | LOW | | userInteraction: | NONE | | scope: | CHANGED | | confidentialityImpact: | LOW | | integrityImpact: | LOW | | availabilityImpact: | HIGH | | exploitabilityScore: | 2.3 | | impactScore: | 5.3 | | version: | 3.0 | | | NVD: | CVE-2019-12325 | |
|
| baseSeverity: | HIGH | | baseScore: | 8.8 | | vectorString: | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | LOW | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | |
|
sources:
CNVD: CNVD-2019-23997 //
VULHUB: VHN-144060 //
JVNDB: JVNDB-2019-006649 //
CNNVD: CNNVD-201907-1173 //
NVD: CVE-2019-12325 //
NVD: CVE-2019-12325
PROBLEMTYPE DATA
| problemtype: | CWE-787 | |
| problemtype: | CWE-119 | |
sources:
VULHUB: VHN-144060 //
JVNDB: JVNDB-2019-006649 //
NVD: CVE-2019-12325
THREAT TYPE
sources:
CNNVD: CNNVD-201907-1173
TYPE
sources:
CNNVD: CNNVD-201907-1173
CONFIGURATIONS
sources:
JVNDB: JVNDB-2019-006649
PATCH
| title: | UC902 Enterprise IP Phone | url: | http://www.htek.com/products/UC900_Series/uc902/details/index.html | |
sources:
JVNDB: JVNDB-2019-006649
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-12325 | |
| db: | JVNDB | id: | JVNDB-2019-006649 | |
| db: | CNNVD | id: | CNNVD-201907-1173 | |
| db: | CNVD | id: | CNVD-2019-23997 | |
| db: | VULHUB | id: | VHN-144060 | |
sources:
CNVD: CNVD-2019-23997 //
VULHUB: VHN-144060 //
JVNDB: JVNDB-2019-006649 //
CNNVD: CNNVD-201907-1173 //
NVD: CVE-2019-12325
REFERENCES
| url: | https://www.sit.fraunhofer.de/fileadmin/dokumente/cve/advisory_htek_uc902.pdf | |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-12325 | |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12325 | |
sources:
CNVD: CNVD-2019-23997 //
VULHUB: VHN-144060 //
JVNDB: JVNDB-2019-006649 //
CNNVD: CNNVD-201907-1173 //
NVD: CVE-2019-12325
SOURCES
| db: | CNVD | id: | CNVD-2019-23997 |
| db: | VULHUB | id: | VHN-144060 |
| db: | JVNDB | id: | JVNDB-2019-006649 |
| db: | CNNVD | id: | CNNVD-201907-1173 |
| db: | NVD | id: | CVE-2019-12325 |
LAST UPDATE DATE
2024-11-23T22:06:08.520000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-23997 | date: | 2019-07-24T00:00:00 |
| db: | VULHUB | id: | VHN-144060 | date: | 2019-10-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-006649 | date: | 2019-07-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-1173 | date: | 2022-04-19T00:00:00 |
| db: | NVD | id: | CVE-2019-12325 | date: | 2024-11-21T04:22:37.237 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-23997 | date: | 2019-07-24T00:00:00 |
| db: | VULHUB | id: | VHN-144060 | date: | 2019-07-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-006649 | date: | 2019-07-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201907-1173 | date: | 2019-07-22T00:00:00 |
| db: | NVD | id: | CVE-2019-12325 | date: | 2019-07-22T16:15:11.660 |
