Details of VAR-201908-0563

ID

VAR-201908-0563

CVE

CVE-2019-13269

TITLE

Edimax BR-6208AC V1 Vulnerability related to input validation on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-008817

DESCRIPTION

Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. Edimax BR-6208AC V1 The device contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Edimax BR-6208AC is a wireless concurrent dual-band router. Edimax BR-6208AC V1 has a hidden channel vulnerability across routers. Edimax Technology BR-6208AC is a wireless router manufactured by Edimax Technology, Taiwan, China

Trust: 2.25

sources: NVD: CVE-2019-13269 // JVNDB: JVNDB-2019-008817 // CNVD: CNVD-2019-30063 // VULHUB: VHN-145098

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-30063

AFFECTED PRODUCTS

vendor:	edimax	model:	br-6208ac v1	scope:	eq	version:	-	Trust: 1.0
vendor:	edimax	model:	br-6208ac v1	scope:	-	version:	-	Trust: 0.8
vendor:	edimax	model:	br-6208ac	scope:	eq	version:	v1	Trust: 0.6

sources: CNVD: CNVD-2019-30063 // JVNDB: JVNDB-2019-008817 // NVD: CVE-2019-13269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13269
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-13269
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-30063
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201908-2081
value:	HIGH
Trust: 0.6
VULHUB:	VHN-145098
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-13269
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-30063
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-145098
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-13269
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-30063 // VULHUB: VHN-145098 // JVNDB: JVNDB-2019-008817 // CNNVD: CNNVD-201908-2081 // NVD: CVE-2019-13269

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-145098 // JVNDB: JVNDB-2019-008817 // NVD: CVE-2019-13269

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-2081

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-2081

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008817

PATCH

title:

Top Page

url:

https://www.edimax.com/edimax/global/

Trust: 0.8

sources: JVNDB: JVNDB-2019-008817

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13269	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-008817	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-2081	Trust: 0.7
db:	CNVD	id:	CNVD-2019-30063	Trust: 0.6
db:	VULHUB	id:	VHN-145098	Trust: 0.1

sources: CNVD: CNVD-2019-30063 // VULHUB: VHN-145098 // JVNDB: JVNDB-2019-008817 // CNNVD: CNNVD-201908-2081 // NVD: CVE-2019-13269

REFERENCES

url:	https://www.usenix.org/system/files/woot19-paper_ovadia.pdf	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13269	Trust: 2.0
url:	https://orenlab.sise.bgu.ac.il/publications/crossrouter	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13269	Trust: 0.8

sources: CNVD: CNVD-2019-30063 // VULHUB: VHN-145098 // JVNDB: JVNDB-2019-008817 // CNNVD: CNNVD-201908-2081 // NVD: CVE-2019-13269

SOURCES

db:	CNVD	id:	CNVD-2019-30063
db:	VULHUB	id:	VHN-145098
db:	JVNDB	id:	JVNDB-2019-008817
db:	CNNVD	id:	CNNVD-201908-2081
db:	NVD	id:	CVE-2019-13269

LAST UPDATE DATE

2024-11-23T22:21:33.276000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-30063	date:	2019-09-03T00:00:00
db:	VULHUB	id:	VHN-145098	date:	2019-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-008817	date:	2019-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201908-2081	date:	2019-09-05T00:00:00
db:	NVD	id:	CVE-2019-13269	date:	2024-11-21T04:24:35.340

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-30063	date:	2019-09-03T00:00:00
db:	VULHUB	id:	VHN-145098	date:	2019-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-008817	date:	2019-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201908-2081	date:	2019-08-27T00:00:00
db:	NVD	id:	CVE-2019-13269	date:	2019-08-27T18:15:11.030