ID

VAR-201908-0981


CVE

CVE-2019-15745


TITLE

Vulnerabilities related to the use of hard-coded credentials in the Eques elf smart plug and mobile application

Trust: 0.8

sources: JVNDB: JVNDB-2019-008908

DESCRIPTION

The Eques elf smart plug and the mobile app use a hardcoded AES 256-bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart plugs in a network, take over control of a device, and perform actions such as turning it on and off. There is a security hole in the Eques Technology elf smart plug.

Trust: 2.25

sources: NVD: CVE-2019-15745 // JVNDB: JVNDB-2019-008908 // CNVD: CNVD-2019-31320 // VULHUB: VHN-147822

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-31320

AFFECTED PRODUCTS

vendor: equeshome, model: elf smart plug, scope: eq, version: -

Trust: 1.0

vendor: equeshome, model: elf smart plug, scope: -, version: -

Trust: 0.8

vendor: eques, model: technology elf smart plug, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-31320 // JVNDB: JVNDB-2019-008908 // NVD: CVE-2019-15745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15745
value: HIGH

Trust: 1.0

NVD: CVE-2019-15745
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-31320
value: LOW

Trust: 0.6

CNNVD: CNNVD-201908-2207
value: HIGH

Trust: 0.6

VULHUB: VHN-147822
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-15745
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-31320
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-147822
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15745
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-31320 // VULHUB: VHN-147822 // JVNDB: JVNDB-2019-008908 // CNNVD: CNNVD-201908-2207 // NVD: CVE-2019-15745

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-147822 // JVNDB: JVNDB-2019-008908 // NVD: CVE-2019-15745

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-2207

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-2207

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008908

PATCH

title: Elf Smart Plug, url: https://equeshome.com/products/elf-smart-plug

Trust: 0.8

sources: JVNDB: JVNDB-2019-008908

EXTERNAL IDS

db: NVD, id: CVE-2019-15745

Trust: 3.1

db: JVNDB, id: JVNDB-2019-008908

Trust: 0.8

db: CNNVD, id: CNNVD-201908-2207

Trust: 0.7

db: CNVD, id: CNVD-2019-31320

Trust: 0.6

db: VULHUB, id: VHN-147822

Trust: 0.1

sources: CNVD: CNVD-2019-31320 // VULHUB: VHN-147822 // JVNDB: JVNDB-2019-008908 // CNNVD: CNNVD-201908-2207 // NVD: CVE-2019-15745

REFERENCES

url:https://github.com/iamckn/eques

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-15745

Trust: 2.0

url:https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-four/

Trust: 1.7

url:https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-one/

Trust: 1.7

url:https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-three/

Trust: 1.7

url:https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-two/

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15745

Trust: 0.8

sources: CNVD: CNVD-2019-31320 // VULHUB: VHN-147822 // JVNDB: JVNDB-2019-008908 // CNNVD: CNNVD-201908-2207 // NVD: CVE-2019-15745

SOURCES

db: CNVD, id: CNVD-2019-31320
db: VULHUB, id: VHN-147822
db: JVNDB, id: JVNDB-2019-008908
db: CNNVD, id: CNNVD-201908-2207
db: NVD, id: CVE-2019-15745

LAST UPDATE DATE

2024-11-23T22:21:32.895000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-31320, date: 2019-09-14T00:00:00
db: VULHUB, id: VHN-147822, date: 2019-09-05T00:00:00
db: JVNDB, id: JVNDB-2019-008908, date: 2019-09-09T00:00:00
db: CNNVD, id: CNNVD-201908-2207, date: 2019-09-06T00:00:00
db: NVD, id: CVE-2019-15745, date: 2024-11-21T04:29:23.397

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-31320, date: 2019-09-14T00:00:00
db: VULHUB, id: VHN-147822, date: 2019-08-29T00:00:00
db: JVNDB, id: JVNDB-2019-008908, date: 2019-09-09T00:00:00
db: CNNVD, id: CNNVD-201908-2207, date: 2019-08-29T00:00:00
db: NVD, id: CVE-2019-15745, date: 2019-08-29T13:15:11.227