Sign-up

ID

VAR-201909-0870


CVE

CVE-2019-15069


TITLE

Smart Battery A4 Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-009697

DESCRIPTION

An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2019-15069 // JVNDB: JVNDB-2019-009697 // VULHUB: VHN-147078

AFFECTED PRODUCTS

vendor:gigastonemodel:smart battery a4scope:lteversion:r1.7.9

Trust: 1.0

vendor:gigastonemodel:smart battery a4scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-009697 // NVD: CVE-2019-15069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15069
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-15069
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201909-1178
value: CRITICAL

Trust: 0.6

VULHUB: VHN-147078
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-15069
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147078
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15069
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-15069
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-147078 // JVNDB: JVNDB-2019-009697 // CNNVD: CNNVD-201909-1178 // NVD: CVE-2019-15069

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-147078 // JVNDB: JVNDB-2019-009697 // NVD: CVE-2019-15069

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1178

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201909-1178

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009697

PATCH
title:Smart Battery A4url:https://www.gigastone.com/EN/product/c/2/n/15
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-009697

EXTERNAL IDS
db:NVDid:CVE-2019-15069
Trust: 2.5
db:TWCERTid:TVN-201908004
Trust: 1.7
db:JVNDBid:JVNDB-2019-009697
Trust: 0.8
db:CNNVDid:CNNVD-201909-1178
Trust: 0.7
db:VULHUBid:VHN-147078
Trust: 0.1
sources:
            
            
            VULHUB: VHN-147078 // 
            
            
            
            JVNDB: JVNDB-2019-009697 // 
            
            
            
            CNNVD: CNNVD-201909-1178 // 
            
            
            
            NVD: CVE-2019-15069

REFERENCES
url:https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us&id=46
Trust: 2.4
url:https://tvn.twcert.org.tw/taiwanvn/tvn-201908004
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-15069
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15069
Trust: 0.8
url:https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us&amp;id=46
Trust: 0.1
sources:
            
            
            VULHUB: VHN-147078 // 
            
            
            
            JVNDB: JVNDB-2019-009697 // 
            
            
            
            CNNVD: CNNVD-201909-1178 // 
            
            
            
            NVD: CVE-2019-15069

SOURCES
db:VULHUBid:VHN-147078
db:JVNDBid:JVNDB-2019-009697
db:CNNVDid:CNNVD-201909-1178
db:NVDid:CVE-2019-15069

LAST UPDATE DATE
2024-11-23T22:16:49.842000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-147078date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-009697date:2019-09-27T00:00:00
db:CNNVDid:CNNVD-201909-1178date:2020-08-25T00:00:00
db:NVDid:CVE-2019-15069date:2024-11-21T04:27:59.487

SOURCES RELEASE DATE
db:VULHUBid:VHN-147078date:2019-09-25T00:00:00
db:JVNDBid:JVNDB-2019-009697date:2019-09-27T00:00:00
db:CNNVDid:CNNVD-201909-1178date:2019-09-25T00:00:00
db:NVDid:CVE-2019-15069date:2019-09-25T19:15:10.627