Sign-up

ID

VAR-201911-0456


CVE

CVE-2019-15387


TITLE

Archos Core 101 Access Control Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-16015 // CNNVD: CNNVD-201911-885

DESCRIPTION

The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that allows any app co-located on the device to programmatically disable and enable Wi-Fi without the corresponding access permission through an exported interface. Archos Core 101 Android Devices are vulnerable to improper assignment of permissions to critical resources.Information may be tampered with. Archos Core 101 is a tablet computer from Archos, France. Archos Core 101 has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to unauthorizedly disable and enable Wi-Fi

Trust: 2.16

sources: NVD: CVE-2019-15387 // JVNDB: JVNDB-2019-012169 // CNVD: CNVD-2020-16015

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16015

AFFECTED PRODUCTS

vendor:archosmodel:core 101scope:eqversion: -

Trust: 1.0

vendor:archosmodel:core 101scope: - version: -

Trust: 0.8

vendor:archosmodel:corescope:eqversion:101

Trust: 0.6

sources: CNVD: CNVD-2020-16015 // JVNDB: JVNDB-2019-012169 // NVD: CVE-2019-15387

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15387
value: LOW

Trust: 1.0

NVD: CVE-2019-15387
value: LOW

Trust: 0.8

CNVD: CNVD-2020-16015
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-885
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2019-15387
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-16015
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15387
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-15387
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16015 // JVNDB: JVNDB-2019-012169 // CNNVD: CNNVD-201911-885 // NVD: CVE-2019-15387

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.0

problemtype:CWE-732

Trust: 0.8

sources: JVNDB: JVNDB-2019-012169 // NVD: CVE-2019-15387

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-885

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-885

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012169

PATCH
title:Tabletsurl:https://www.archos.com/us/products/tablets/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-012169

EXTERNAL IDS
db:NVDid:CVE-2019-15387
Trust: 3.0
db:JVNDBid:JVNDB-2019-012169
Trust: 0.8
db:CNVDid:CNVD-2020-16015
Trust: 0.6
db:CNNVDid:CNNVD-201911-885
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-16015 // 
            
            
            
            JVNDB: JVNDB-2019-012169 // 
            
            
            
            CNNVD: CNNVD-201911-885 // 
            
            
            
            NVD: CVE-2019-15387

REFERENCES
url:https://www.kryptowire.com/android-firmware-2019/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-15387
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15387
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-16015 // 
            
            
            
            JVNDB: JVNDB-2019-012169 // 
            
            
            
            CNNVD: CNNVD-201911-885 // 
            
            
            
            NVD: CVE-2019-15387

SOURCES
db:CNVDid:CNVD-2020-16015
db:JVNDBid:JVNDB-2019-012169
db:CNNVDid:CNNVD-201911-885
db:NVDid:CVE-2019-15387

LAST UPDATE DATE
2024-11-23T23:11:38.187000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-16015date:2020-03-08T00:00:00
db:JVNDBid:JVNDB-2019-012169date:2019-11-26T00:00:00
db:CNNVDid:CNNVD-201911-885date:2020-08-25T00:00:00
db:NVDid:CVE-2019-15387date:2024-11-21T04:28:36.447

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-16015date:2020-03-08T00:00:00
db:JVNDBid:JVNDB-2019-012169date:2019-11-26T00:00:00
db:CNNVDid:CNNVD-201911-885date:2019-11-14T00:00:00
db:NVDid:CVE-2019-15387date:2019-11-14T17:15:18.927