Sign-up

ID

VAR-201912-1498


CVE

CVE-2019-15911


TITLE

plural ASUS Vulnerability in sending clear information of important information in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013946

DESCRIPTION

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and tamper with messages. plural ASUS The product contains a vulnerability in transmitting sensitive information in the clear.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ASUS SmartHome Gateway HG100 and other products are products of ASUS, Taiwan. ASUS SmartHome Gateway HG100 is a smart home central control gateway device. ASUS WS-101 is a smart switch sensor. TS-101 is a temperature / humidity sensor. There are security vulnerabilities in ASUS SmartHome Gateway HG100 version 1.05.12, WS-101 version 1.05.12 and TS-101 version 1.05.12 (using ZigBee PRO), which originated from the program's insecure transmission of keys

Trust: 2.16

sources: NVD: CVE-2019-15911 // JVNDB: JVNDB-2019-013946 // CNVD: CNVD-2020-03055

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

category:['home & office device', 'network device']sub_category:smart home device

Trust: 0.1

category:['home & office device', 'network device']sub_category:gateway

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-03055

AFFECTED PRODUCTS

vendor:asusmodel:ms-101scope:eqversion: -

Trust: 2.2

vendor:asusmodel:ws-101scope:eqversion: -

Trust: 2.2

vendor:asusmodel:hg100scope:eqversion: -

Trust: 2.2

vendor:asusmodel:mw100scope:eqversion: -

Trust: 2.2

vendor:asusmodel:ts-101scope:eqversion: -

Trust: 1.6

vendor:asusmodel:as-101scope:eqversion: -

Trust: 1.6

vendor:asusmodel:dl-101scope:eqversion: -

Trust: 1.0

vendor:asustek computermodel:as101scope: - version: -

Trust: 0.8

vendor:asustek computermodel:dl101scope: - version: -

Trust: 0.8

vendor:asustek computermodel:hg100scope: - version: -

Trust: 0.8

vendor:asustek computermodel:ms-101scope: - version: -

Trust: 0.8

vendor:asustek computermodel:mw100scope: - version: -

Trust: 0.8

vendor:asustek computermodel:ts101scope: - version: -

Trust: 0.8

vendor:asustek computermodel:ws101scope: - version: -

Trust: 0.8

vendor:asusmodel:smarthome gateway hg100scope:eqversion:1.05.12

Trust: 0.6

vendor:asusmodel:smarthome gateway ws-101scope:eqversion:1.05.12

Trust: 0.6

vendor:asusmodel:smarthome gateway ts-101scope:eqversion:1.05.12

Trust: 0.6

sources: CNVD: CNVD-2020-03055 // JVNDB: JVNDB-2019-013946 // CNNVD: CNNVD-201912-963 // NVD: CVE-2019-15911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15911
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-15911
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-03055
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-963
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-15911
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03055
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15911
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-15911
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03055 // JVNDB: JVNDB-2019-013946 // CNNVD: CNNVD-201912-963 // NVD: CVE-2019-15911

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.8

sources: JVNDB: JVNDB-2019-013946 // NVD: CVE-2019-15911

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-963

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-963

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013946

PATCH
title:Top Pageurl:https://www.asus.com/sg/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-013946

EXTERNAL IDS
db:NVDid:CVE-2019-15911
Trust: 3.1
db:JVNDBid:JVNDB-2019-013946
Trust: 0.8
db:CNVDid:CNVD-2020-03055
Trust: 0.6
db:CNNVDid:CNNVD-201912-963
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2020-03055 // 
            
            
            
            JVNDB: JVNDB-2019-013946 // 
            
            
            
            CNNVD: CNNVD-201912-963 // 
            
            
            
            NVD: CVE-2019-15911

REFERENCES
url:https://github.com/chengcheng227/cve-poc/blob/master/cve-2019-15911.md
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-15911
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15911
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2020-03055 // 
            
            
            
            JVNDB: JVNDB-2019-013946 // 
            
            
            
            CNNVD: CNNVD-201912-963 // 
            
            
            
            NVD: CVE-2019-15911

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2020-03055
db:JVNDBid:JVNDB-2019-013946
db:CNNVDid:CNNVD-201912-963
db:NVDid:CVE-2019-15911

LAST UPDATE DATE
2025-01-30T21:46:12.807000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-03055date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-013946date:2020-01-22T00:00:00
db:CNNVDid:CNNVD-201912-963date:2020-01-17T00:00:00
db:NVDid:CVE-2019-15911date:2024-11-21T04:29:42.660

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-03055date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-013946date:2020-01-22T00:00:00
db:CNNVDid:CNNVD-201912-963date:2019-12-20T00:00:00
db:NVDid:CVE-2019-15911date:2019-12-20T17:15:11.347