Sign-up

ID

VAR-201912-1052


CVE

CVE-2019-19967


TITLE

Connect Box EuroDOCSIS Vulnerability in the transmission of important information in clear text on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-013896

DESCRIPTION

The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI. Connect Box EuroDOCSIS The device contains a vulnerability in transmitting sensitive information in the clear.Information may be obtained. The vulnerability stems from the fact that the password in the POST request received by the program on port 80 is in plain text

Trust: 2.16

sources: NVD: CVE-2019-19967 // JVNDB: JVNDB-2019-013896 // CNVD: CNVD-2020-01958

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-01958

AFFECTED PRODUCTS

vendor:upcmodel:connect box eurodocsisscope:eqversion:ch7465lg-ncip-6.12.18.25-2p6-nosh

Trust: 1.6

vendor:upcmodel:connect box eurodocsisscope:eqversion:3.0 voice gateway ch7465lg-ncip-6.12.18.25-2p6-nosh

Trust: 0.8

vendor:connectmodel:box connect box eurodocsis voice gateway ch7465lg-ncip-6.12.18.25-2p6-noshscope:eqversion:3.0

Trust: 0.6

vendor:upcmodel:connect box eurodocsisscope:eqversion:3.0

Trust: 0.6

sources: CNVD: CNVD-2020-01958 // JVNDB: JVNDB-2019-013896 // CNNVD: CNNVD-201912-1097 // NVD: CVE-2019-19967

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19967
value: HIGH

Trust: 1.0

NVD: CVE-2019-19967
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-01958
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-1097
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-19967
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-01958
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-19967
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-19967
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-01958 // JVNDB: JVNDB-2019-013896 // CNNVD: CNNVD-201912-1097 // NVD: CVE-2019-19967

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.8

sources: JVNDB: JVNDB-2019-013896 // NVD: CVE-2019-19967

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1097

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-1097

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013896

PATCH
title:Top Pageurl:https://www.upc.ch/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-013896

EXTERNAL IDS
db:NVDid:CVE-2019-19967
Trust: 3.0
db:JVNDBid:JVNDB-2019-013896
Trust: 0.8
db:CNVDid:CNVD-2020-01958
Trust: 0.6
db:CNNVDid:CNNVD-201912-1097
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-01958 // 
            
            
            
            JVNDB: JVNDB-2019-013896 // 
            
            
            
            CNNVD: CNNVD-201912-1097 // 
            
            
            
            NVD: CVE-2019-19967

REFERENCES
url:https://github.com/filipi86/connectboxdocsis-3.0
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-19967
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19967
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-01958 // 
            
            
            
            JVNDB: JVNDB-2019-013896 // 
            
            
            
            CNNVD: CNNVD-201912-1097 // 
            
            
            
            NVD: CVE-2019-19967

SOURCES
db:CNVDid:CNVD-2020-01958
db:JVNDBid:JVNDB-2019-013896
db:CNNVDid:CNNVD-201912-1097
db:NVDid:CVE-2019-19967

LAST UPDATE DATE
2024-11-23T22:55:19.888000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-01958date:2020-01-14T00:00:00
db:JVNDBid:JVNDB-2019-013896date:2020-01-21T00:00:00
db:CNNVDid:CNNVD-201912-1097date:2020-01-17T00:00:00
db:NVDid:CVE-2019-19967date:2024-11-21T04:35:45.970

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-01958date:2020-01-14T00:00:00
db:JVNDBid:JVNDB-2019-013896date:2020-01-21T00:00:00
db:CNNVDid:CNNVD-201912-1097date:2019-12-24T00:00:00
db:NVDid:CVE-2019-19967date:2019-12-25T22:15:11.590