ID

VAR-201908-0744


CVE

CVE-2019-15304


TITLE

Lierda Grill Temperature Monitor vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-008754

DESCRIPTION

Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This Wi-Fi thermometer app requests and requires excessive permissions to operate, such as fine GPS location, camera, applists, serial number, and IMEI. In addition to the "backdoor" login access for "admin" purposes, the accompanying app also establishes connections with several China-based URLs, including Alibaba cloud computing. NOTE: this device also ships with ProGrade branding. Lierda Grill Temperature Monitor contains vulnerabilities related to certificate and password management. Information may be obtained, and the device may be put into a denial-of-service (DoS) state. The Lierda Grill Temperature Monitor is a grill temperature monitor. There is a trust management issue vulnerability in Lierda Grill Temperature Monitor V1.00_50006. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components.

Trust: 1.71

sources: NVD: CVE-2019-15304 // JVNDB: JVNDB-2019-008754 // VULHUB: VHN-147337

AFFECTED PRODUCTS

vendor: progradegrill, model: wifi grilling thermometer, scope: eq, version: 1.00_50006

Trust: 1.0

vendor: prograde grilling, model: wifi grilling thermometer, scope: eq, version: 1.00_50006

Trust: 0.8

sources: JVNDB: JVNDB-2019-008754 // NVD: CVE-2019-15304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15304
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-15304
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201908-1937
value: CRITICAL

Trust: 0.6

VULHUB: VHN-147337
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15304
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147337
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15304
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-147337 // JVNDB: JVNDB-2019-008754 // CNNVD: CNNVD-201908-1937 // NVD: CVE-2019-15304

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-147337 // JVNDB: JVNDB-2019-008754 // NVD: CVE-2019-15304

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1937

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-1937

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008754

PATCH

title: WiFi Grilling Thermometer, url: http://progradegrill.com/wifi-grilling-thermometer/

Trust: 0.8

sources: JVNDB: JVNDB-2019-008754

EXTERNAL IDS

db: PACKETSTORM, id: 154221

Trust: 2.5

db: NVD, id: CVE-2019-15304

Trust: 2.5

db: JVNDB, id: JVNDB-2019-008754

Trust: 0.8

db: CNNVD, id: CNNVD-201908-1937

Trust: 0.7

db: VULHUB, id: VHN-147337

Trust: 0.1

sources: VULHUB: VHN-147337 // JVNDB: JVNDB-2019-008754 // CNNVD: CNNVD-201908-1937 // NVD: CVE-2019-15304

REFERENCES

url:http://packetstormsecurity.com/files/154221/prograde-lierda-grill-temperature-1.00_50006-hardcoded-credentials.html

Trust: 2.5

url:http://progradegrill.com/wifi-grilling-thermometer/

Trust: 1.7

url:http://seclists.org/fulldisclosure/2019/aug/24

Trust: 1.7

url:https://www.joesandbox.com/analysis/287596/0/html

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15304

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-15304

Trust: 0.8

url:https://packetstormsecurity.com/files/154221/prograde-lierda-grill-temperature-1.00/50006-hardcoded-credentials.html

Trust: 0.6

sources: VULHUB: VHN-147337 // JVNDB: JVNDB-2019-008754 // CNNVD: CNNVD-201908-1937 // NVD: CVE-2019-15304

CREDITS

Tim Tepatti

Trust: 0.6

sources: CNNVD: CNNVD-201908-1937

SOURCES

db: VULHUB, id: VHN-147337
db: JVNDB, id: JVNDB-2019-008754
db: CNNVD, id: CNNVD-201908-1937
db: NVD, id: CVE-2019-15304

LAST UPDATE DATE

2024-11-23T23:04:43.830000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-147337, date: 2020-09-24T00:00:00
db: JVNDB, id: JVNDB-2019-008754, date: 2019-09-05T00:00:00
db: CNNVD, id: CNNVD-201908-1937, date: 2020-09-25T00:00:00
db: NVD, id: CVE-2019-15304, date: 2024-11-21T04:28:25.190

SOURCES RELEASE DATE

db: VULHUB, id: VHN-147337, date: 2019-08-26T00:00:00
db: JVNDB, id: JVNDB-2019-008754, date: 2019-09-05T00:00:00
db: CNNVD, id: CNNVD-201908-1937, date: 2019-08-26T00:00:00
db: NVD, id: CVE-2019-15304, date: 2019-08-26T13:15:11.303