Sign-up

ID

VAR-201908-0132


CVE

CVE-2019-7163


TITLE

Alcatel LINKZONE Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-007470

DESCRIPTION

The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password. Alcatel LINKZONE The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TCL Communication Alcatel LINKZONE is a portable 4G wireless router of China TCL Communication (TCL Communication) company

Trust: 2.25

sources: NVD: CVE-2019-7163 // JVNDB: JVNDB-2019-007470 // CNVD: CNVD-2020-20163 // VULHUB: VHN-158598

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-20163

AFFECTED PRODUCTS

vendor:tclmodel:alcatel linkzonescope:eqversion:mw40-v-v1.0_mw40_lu_02.00_02

Trust: 1.0

vendor:tcl communication holdings tcl communicationmodel:alcatel linkzonescope:eqversion:mw40-v-v1.0 mw40_lu_02.00_02

Trust: 0.8

vendor:tclmodel:communication alcatel linkzone mw40-v-v1.0 mw40 lu 02.00 02scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-20163 // JVNDB: JVNDB-2019-007470 // NVD: CVE-2019-7163

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7163
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-7163
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-20163
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-265
value: CRITICAL

Trust: 0.6

VULHUB: VHN-158598
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-7163
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-20163
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-158598
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7163
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2020-20163 // VULHUB: VHN-158598 // JVNDB: JVNDB-2019-007470 // CNNVD: CNNVD-201908-265 // NVD: CVE-2019-7163

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-158598 // JVNDB: JVNDB-2019-007470 // NVD: CVE-2019-7163

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-265

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201908-265

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007470

PATCH
title:Alcatel LINKZONEurl:https://us.alcatelmobile.com/alcatel-linkzone/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-007470

EXTERNAL IDS
db:NVDid:CVE-2019-7163
Trust: 3.1
db:JVNDBid:JVNDB-2019-007470
Trust: 0.8
db:CNVDid:CNVD-2020-20163
Trust: 0.7
db:CNNVDid:CNNVD-201908-265
Trust: 0.7
db:VULHUBid:VHN-158598
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-20163 // 
            
            
            
            VULHUB: VHN-158598 // 
            
            
            
            JVNDB: JVNDB-2019-007470 // 
            
            
            
            CNNVD: CNNVD-201908-265 // 
            
            
            
            NVD: CVE-2019-7163

REFERENCES
url:https://rhaidiz.net/2019/02/27/dribble-router-vulns-dlink-alcatel-cve-2019-6969-cve-2019-6968-cve-2019-7163/
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-7163
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7163
Trust: 0.8
url:http://blog.mastodon-tootdon.com/entry/2019/05/20/204019
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-20163 // 
            
            
            
            VULHUB: VHN-158598 // 
            
            
            
            JVNDB: JVNDB-2019-007470 // 
            
            
            
            CNNVD: CNNVD-201908-265 // 
            
            
            
            NVD: CVE-2019-7163

SOURCES
db:CNVDid:CNVD-2020-20163
db:VULHUBid:VHN-158598
db:JVNDBid:JVNDB-2019-007470
db:CNNVDid:CNNVD-201908-265
db:NVDid:CVE-2019-7163

LAST UPDATE DATE
2024-11-23T22:11:56.455000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-20163date:2020-03-30T00:00:00
db:VULHUBid:VHN-158598date:2019-08-12T00:00:00
db:JVNDBid:JVNDB-2019-007470date:2019-08-13T00:00:00
db:CNNVDid:CNNVD-201908-265date:2019-09-04T00:00:00
db:NVDid:CVE-2019-7163date:2024-11-21T04:47:41.817

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-20163date:2020-03-30T00:00:00
db:VULHUBid:VHN-158598date:2019-08-02T00:00:00
db:JVNDBid:JVNDB-2019-007470date:2019-08-13T00:00:00
db:CNNVDid:CNNVD-201908-265date:2019-08-02T00:00:00
db:NVDid:CVE-2019-7163date:2019-08-02T21:15:11.870