Sign-up

ID

VAR-201912-1499


CVE

CVE-2019-15912


TITLE

plural ASUS Input validation vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-013868

DESCRIPTION

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks. plural ASUS The product contains an input validation vulnerability.Denial of service (DoS) May be in a state. ASUS SmartHome Gateway HG100 and other products are products of ASUS, Taiwan. ASUS SmartHome Gateway HG100 is a smart home central control gateway device. ASUS WS-101 is a smart switch sensor. TS-101 is a temperature / humidity sensor. There are security vulnerabilities in ASUS SmartHome Gateway HG100 version 1.05.12, WS-101 version 1.05.12, and TS-101 version 1.05.12 (using ZigBee PRO). An attacker could use this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2019-15912 // JVNDB: JVNDB-2019-013868 // CNVD: CNVD-2020-03054

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

category:['home & office device', 'network device']sub_category:smart home device

Trust: 0.1

category:['home & office device', 'network device']sub_category:gateway

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-03054

AFFECTED PRODUCTS

vendor:asusmodel:dl-101scope:eqversion: -

Trust: 2.2

vendor:asusmodel:ms-101scope:eqversion: -

Trust: 2.2

vendor:asusmodel:ws-101scope:eqversion: -

Trust: 2.2

vendor:asusmodel:mw100scope:eqversion: -

Trust: 2.2

vendor:asusmodel:as-101scope:eqversion: -

Trust: 1.6

vendor:asusmodel:hg100scope:eqversion: -

Trust: 1.6

vendor:asusmodel:ts-101scope:eqversion: -

Trust: 1.0

vendor:asustek computermodel:as101scope: - version: -

Trust: 0.8

vendor:asustek computermodel:dl101scope: - version: -

Trust: 0.8

vendor:asustek computermodel:hg100scope: - version: -

Trust: 0.8

vendor:asustek computermodel:ms-101scope: - version: -

Trust: 0.8

vendor:asustek computermodel:mw100scope: - version: -

Trust: 0.8

vendor:asustek computermodel:ts101scope: - version: -

Trust: 0.8

vendor:asustek computermodel:ws101scope: - version: -

Trust: 0.8

vendor:asusmodel:smarthome gateway hg100scope:eqversion:1.05.12

Trust: 0.6

vendor:asusmodel:smarthome gateway ws-101scope:eqversion:1.05.12

Trust: 0.6

vendor:asusmodel:smarthome gateway ts-101scope:eqversion:1.05.12

Trust: 0.6

sources: CNVD: CNVD-2020-03054 // JVNDB: JVNDB-2019-013868 // CNNVD: CNNVD-201912-964 // NVD: CVE-2019-15912

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15912
value: HIGH

Trust: 1.0

NVD: CVE-2019-15912
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-03054
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-964
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-15912
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03054
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15912
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-15912
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03054 // JVNDB: JVNDB-2019-013868 // CNNVD: CNNVD-201912-964 // NVD: CVE-2019-15912

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-013868 // NVD: CVE-2019-15912

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-964

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-964

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013868

PATCH
title:Top Pageurl:https://www.asus.com/sg/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-013868

EXTERNAL IDS
db:NVDid:CVE-2019-15912
Trust: 3.1
db:JVNDBid:JVNDB-2019-013868
Trust: 0.8
db:CNVDid:CNVD-2020-03054
Trust: 0.6
db:CNNVDid:CNNVD-201912-964
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2020-03054 // 
            
            
            
            JVNDB: JVNDB-2019-013868 // 
            
            
            
            CNNVD: CNNVD-201912-964 // 
            
            
            
            NVD: CVE-2019-15912

REFERENCES
url:https://github.com/chengcheng227/cve-poc/blob/master/cve-2019-15912_1.md
Trust: 2.4
url:https://github.com/chengcheng227/cve-poc/blob/master/cve-2019-15912_2.md
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-15912
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15912
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2020-03054 // 
            
            
            
            JVNDB: JVNDB-2019-013868 // 
            
            
            
            CNNVD: CNNVD-201912-964 // 
            
            
            
            NVD: CVE-2019-15912

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2020-03054
db:JVNDBid:JVNDB-2019-013868
db:CNNVDid:CNNVD-201912-964
db:NVDid:CVE-2019-15912

LAST UPDATE DATE
2025-01-30T21:08:45.315000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-03054date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-013868date:2020-01-20T00:00:00
db:CNNVDid:CNNVD-201912-964date:2020-01-08T00:00:00
db:NVDid:CVE-2019-15912date:2024-11-21T04:29:42.807

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-03054date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-013868date:2020-01-20T00:00:00
db:CNNVDid:CNNVD-201912-964date:2019-12-20T00:00:00
db:NVDid:CVE-2019-15912date:2019-12-20T17:15:11.427