Sign-up

ID

VAR-201908-1823


CVE

CVE-2019-11060


TITLE

ASUS HG100 Vulnerability related to resource depletion in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-008839

DESCRIPTION

The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. CVSS 3.0 Base score 7.4 (Availability impacts). CVSS vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). ASUS HG100 The firmware contains a vulnerability related to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. ASUS SmartHome Gateway HG100 is a smart home central control gateway device from Taiwan ASUS (ASUS). A security vulnerability exists in the web api server on port 8080 in the ASUS SmartHome Gateway HG100 using firmware version 1.05.12 and earlier. An attacker could exploit the vulnerability to cause a denial of service

Trust: 2.34

sources: NVD: CVE-2019-11060 // JVNDB: JVNDB-2019-008839 // CNVD: CNVD-2019-30714 // VULHUB: VHN-142669 // VULMON: CVE-2019-11060

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-30714

AFFECTED PRODUCTS

vendor:asusmodel:hg100scope:lteversion:1.05.12

Trust: 1.0

vendor:asustek computermodel:hg100scope: - version: -

Trust: 0.8

vendor:asusmodel:smarthome gateway hg100scope:lteversion:<=1.05.12

Trust: 0.6

sources: CNVD: CNVD-2019-30714 // JVNDB: JVNDB-2019-008839 // NVD: CVE-2019-11060

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11060
value: HIGH

Trust: 1.0

twcert@cert.org.tw: CVE-2019-11060
value: HIGH

Trust: 1.0

NVD: CVE-2019-11060
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-30714
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-2171
value: HIGH

Trust: 0.6

VULHUB: VHN-142669
value: HIGH

Trust: 0.1

VULMON: CVE-2019-11060
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-11060
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-30714
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-142669
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11060
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

twcert@cert.org.tw: CVE-2019-11060
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-11060
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-30714 // VULHUB: VHN-142669 // VULMON: CVE-2019-11060 // JVNDB: JVNDB-2019-008839 // CNNVD: CNNVD-201908-2171 // NVD: CVE-2019-11060 // NVD: CVE-2019-11060

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

problemtype:CWE-770

Trust: 1.1

sources: VULHUB: VHN-142669 // JVNDB: JVNDB-2019-008839 // NVD: CVE-2019-11060

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-2171

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-2171

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008839

PATCH
title:ASUS SmartHome Gateway (HG100)url:https://www.asus.com/sg/Internet-of-Things/ASUS-SmartHome-Gateway-HG100/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-008839

EXTERNAL IDS
db:NVDid:CVE-2019-11060
Trust: 3.2
db:EXPLOIT-DBid:46720
Trust: 2.4
db:TWCERTid:TVN-201906002
Trust: 1.8
db:JVNDBid:JVNDB-2019-008839
Trust: 0.8
db:CNNVDid:CNNVD-201908-2171
Trust: 0.7
db:CNVDid:CNVD-2019-30714
Trust: 0.6
db:VULHUBid:VHN-142669
Trust: 0.1
db:VULMONid:CVE-2019-11060
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-30714 // 
            
            
            
            VULHUB: VHN-142669 // 
            
            
            
            VULMON: CVE-2019-11060 // 
            
            
            
            JVNDB: JVNDB-2019-008839 // 
            
            
            
            CNNVD: CNNVD-201908-2171 // 
            
            
            
            NVD: CVE-2019-11060

REFERENCES
url:https://www.exploit-db.com/exploits/46720
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-11060
Trust: 2.0
url:http://surl.twcert.org.tw/aarvj
Trust: 1.8
url:https://tvn.twcert.org.tw/taiwanvn/tvn-201906002
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11060
Trust: 0.8
url:https://twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us&id=41
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/770.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-30714 // 
            
            
            
            VULHUB: VHN-142669 // 
            
            
            
            VULMON: CVE-2019-11060 // 
            
            
            
            JVNDB: JVNDB-2019-008839 // 
            
            
            
            CNNVD: CNNVD-201908-2171 // 
            
            
            
            NVD: CVE-2019-11060

SOURCES
db:CNVDid:CNVD-2019-30714
db:VULHUBid:VHN-142669
db:VULMONid:CVE-2019-11060
db:JVNDBid:JVNDB-2019-008839
db:CNNVDid:CNNVD-201908-2171
db:NVDid:CVE-2019-11060

LAST UPDATE DATE
2024-11-23T22:11:51.047000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-30714date:2019-09-06T00:00:00
db:VULHUBid:VHN-142669date:2020-10-02T00:00:00
db:VULMONid:CVE-2019-11060date:2020-10-02T00:00:00
db:JVNDBid:JVNDB-2019-008839date:2019-09-06T00:00:00
db:CNNVDid:CNNVD-201908-2171date:2020-10-09T00:00:00
db:NVDid:CVE-2019-11060date:2024-11-21T04:20:27.620

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-30714date:2019-09-06T00:00:00
db:VULHUBid:VHN-142669date:2019-08-29T00:00:00
db:VULMONid:CVE-2019-11060date:2019-08-29T00:00:00
db:JVNDBid:JVNDB-2019-008839date:2019-09-06T00:00:00
db:CNNVDid:CNNVD-201908-2171date:2019-08-28T00:00:00
db:NVDid:CVE-2019-11060date:2019-08-29T01:15:10.850