Details of VAR-201910-0647

ID

VAR-201910-0647

CVE

CVE-2019-12941

TITLE

AutoPi Wi-Fi/NB and 4G/LTE Vulnerability related to information leak from cache in device

Trust: 0.8

sources: JVNDB: JVNDB-2019-011159

DESCRIPTION

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output (input is only 8 characters), which allows an attacker to deduce the WiFi password from the WiFi SSID. AutoPi Wi-Fi/NB and 4G/LTE The device contains a vulnerability related to information disclosure from the cache.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AutoPi.io AutoPi Wi-Fi / NB and AutoPi 4G / LTE are encryption devices from Denmark's AutoPi.io. AutoPi.io AutoPi Wi-Fi / NB and AutoPi 4G / LTE versions prior to 2019-10-15 have security vulnerabilities

Trust: 2.16

sources: NVD: CVE-2019-12941 // JVNDB: JVNDB-2019-011159 // CNVD: CNVD-2019-36986

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-36986

AFFECTED PRODUCTS

vendor:	autopi	model:	wi-fi\/nb	scope:	lt	version:	2019-10-15	Trust: 1.0
vendor:	autopi	model:	4g\/lte	scope:	lt	version:	2019-10-15	Trust: 1.0
vendor:	autopi io	model:	4g/lte	scope:	eq	version:	2019/10/15	Trust: 0.8
vendor:	autopi io	model:	wi-fi/nb	scope:	eq	version:	2019/10/15	Trust: 0.8
vendor:	autopi io	model:	wi-fi/nb and 4g/lte devices	scope:	lt	version:	2019-10-15	Trust: 0.6

sources: CNVD: CNVD-2019-36986 // JVNDB: JVNDB-2019-011159 // NVD: CVE-2019-12941

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12941
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-12941
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-36986
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201910-811
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2019-12941
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-36986
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-12941
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-12941
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-36986 // JVNDB: JVNDB-2019-011159 // CNNVD: CNNVD-201910-811 // NVD: CVE-2019-12941

PROBLEMTYPE DATA

problemtype:	CWE-307	Trust: 1.0
problemtype:	CWE-522	Trust: 0.8

sources: JVNDB: JVNDB-2019-011159 // NVD: CVE-2019-12941

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-811

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-811

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011159

PATCH

title:	Top Page	url:	https://www.autopi.io/	Trust: 0.8
title:	Patch for AutoPi.io AutoPi Wi-Fi / NB and AutoPi 4G / LTE Brute Force Attack Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/186815	Trust: 0.6
title:	AutoPi.io AutoPi Wi-Fi/NB and AutoPi 4G/LTE Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100346	Trust: 0.6

sources: CNVD: CNVD-2019-36986 // JVNDB: JVNDB-2019-011159 // CNNVD: CNNVD-201910-811

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12941	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011159	Trust: 0.8
db:	CNVD	id:	CNVD-2019-36986	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-811	Trust: 0.6

sources: CNVD: CNVD-2019-36986 // JVNDB: JVNDB-2019-011159 // CNNVD: CNNVD-201910-811 // NVD: CVE-2019-12941

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-12941	Trust: 2.0
url:	https://www.kth.se/nse/research/software-systems-architecture-and-security/	Trust: 1.6
url:	http://www.diva-portal.org/smash/get/diva2:1334244/fulltext01.pdf	Trust: 1.6
url:	https://www.kth.se/polopoly_fs/1.931922.1571071632!/burdzovic_matsson_dongle_v2.pdf	Trust: 1.4
url:	https://www.kth.se/polopoly_fs/1.931922.1571071632%21/burdzovic_matsson_dongle_v2.pdf	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12941	Trust: 0.8

sources: CNVD: CNVD-2019-36986 // JVNDB: JVNDB-2019-011159 // CNNVD: CNNVD-201910-811 // NVD: CVE-2019-12941

SOURCES

db:	CNVD	id:	CNVD-2019-36986
db:	JVNDB	id:	JVNDB-2019-011159
db:	CNNVD	id:	CNNVD-201910-811
db:	NVD	id:	CVE-2019-12941

LAST UPDATE DATE

2024-11-23T22:16:48.630000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-36986	date:	2019-10-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-011159	date:	2019-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-811	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-12941	date:	2024-11-21T04:23:52.177

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-36986	date:	2019-10-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-011159	date:	2019-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-811	date:	2019-10-14T00:00:00
db:	NVD	id:	CVE-2019-12941	date:	2019-10-14T18:15:10.387