Sign-up

ID

VAR-201910-0921


CVE

CVE-2019-15064


TITLE

HiNet GPON Firmware authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011097

DESCRIPTION

HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication. HiNet GPON There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan. Chunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731 has a security vulnerability

Trust: 2.16

sources: NVD: CVE-2019-15064 // JVNDB: JVNDB-2019-011097 // CNVD: CNVD-2019-38471

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-38471

AFFECTED PRODUCTS

vendor:hinetmodel:gponscope:ltversion:i040gwr190731

Trust: 1.8

vendor:chunghwamodel:telecom chunghwa telecom hinet gpon <i040gwr190731scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-38471 // JVNDB: JVNDB-2019-011097 // NVD: CVE-2019-15064

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15064
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-15064
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-38471
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-1210
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15064
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-38471
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15064
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-15064
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-38471 // JVNDB: JVNDB-2019-011097 // CNNVD: CNNVD-201910-1210 // NVD: CVE-2019-15064

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2019-011097 // NVD: CVE-2019-15064

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1210

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1210

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011097

PATCH
title:Top Pageurl:https://www.hinet.net/
Trust: 0.8
title:Patch for Chunghwa Telecom HiNet GPON Access Control Vulnerability Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/188169
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-38471 // 
            
            
            
            JVNDB: JVNDB-2019-011097

EXTERNAL IDS
db:NVDid:CVE-2019-15064
Trust: 3.0
db:TWCERT ENid:CP-128-3015-170FE-2
Trust: 2.4
db:TWCERTid:TVN-201908007
Trust: 1.6
db:JVNDBid:JVNDB-2019-011097
Trust: 0.8
db:CNVDid:CNVD-2019-38471
Trust: 0.6
db:CNNVDid:CNNVD-201910-1210
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-38471 // 
            
            
            
            JVNDB: JVNDB-2019-011097 // 
            
            
            
            CNNVD: CNNVD-201910-1210 // 
            
            
            
            NVD: CVE-2019-15064

REFERENCES
url:https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-15064
Trust: 2.0
url:https://tvn.twcert.org.tw/taiwanvn/tvn-201908007
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15064
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-38471 // 
            
            
            
            JVNDB: JVNDB-2019-011097 // 
            
            
            
            CNNVD: CNNVD-201910-1210 // 
            
            
            
            NVD: CVE-2019-15064

SOURCES
db:CNVDid:CNVD-2019-38471
db:JVNDBid:JVNDB-2019-011097
db:CNNVDid:CNNVD-201910-1210
db:NVDid:CVE-2019-15064

LAST UPDATE DATE
2024-11-23T22:21:25.330000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-38471date:2019-11-01T00:00:00
db:JVNDBid:JVNDB-2019-011097date:2019-10-29T00:00:00
db:CNNVDid:CNNVD-201910-1210date:2020-09-02T00:00:00
db:NVDid:CVE-2019-15064date:2024-11-21T04:27:58.880

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-38471date:2019-11-01T00:00:00
db:JVNDBid:JVNDB-2019-011097date:2019-10-29T00:00:00
db:CNNVDid:CNNVD-201910-1210date:2019-10-17T00:00:00
db:NVDid:CVE-2019-15064date:2019-10-17T20:15:12.237