Sign-up

ID

VAR-202001-0496


CVE

CVE-2019-16271


TITLE

DTEN D5 and D7 Lack of authentication for critical features on device vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-014155

DESCRIPTION

DTEN D5 and D7 before 1.3.2 devices allows remote attackers to read saved whiteboard image PDF documents via storage/emulated/0/Notes/PDF on TCP port 8080 without authentication. DTEN D5 and D7 The device is vulnerable to a lack of authentication for critical functions.Information may be obtained. DTEN D5 and DTEN D7 are both a stylus from DTEN. An attacker could use this vulnerability to read the stored electronic whiteboard image (PDF document) using the storage / emulated / 0 / Notes / PDF file system path

Trust: 2.16

sources: NVD: CVE-2019-16271 // JVNDB: JVNDB-2019-014155 // CNVD: CNVD-2020-03019

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03019

AFFECTED PRODUCTS

vendor:dtenmodel:d7scope:ltversion:1.3.2

Trust: 2.4

vendor:dtenmodel:d5scope:ltversion:1.3.2

Trust: 2.4

vendor:dtenmodel:d5scope:eqversion: -

Trust: 0.6

vendor:dtenmodel:d7scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-03019 // JVNDB: JVNDB-2019-014155 // CNNVD: CNNVD-202001-131 // NVD: CVE-2019-16271

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16271
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-16271
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-03019
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-131
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-16271
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03019
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-16271
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-16271
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03019 // JVNDB: JVNDB-2019-014155 // CNNVD: CNNVD-202001-131 // NVD: CVE-2019-16271

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.8

sources: JVNDB: JVNDB-2019-014155 // NVD: CVE-2019-16271

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-131

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014155

PATCH
title:Top Pageurl:https://dten.com/
Trust: 0.8
title:Patch for DTEN D5 and DTEN D7 Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/197239
Trust: 0.6
title:DTEN D5  and DTEN D7 Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108291
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03019 // 
            
            
            
            JVNDB: JVNDB-2019-014155 // 
            
            
            
            CNNVD: CNNVD-202001-131

EXTERNAL IDS
db:NVDid:CVE-2019-16271
Trust: 3.0
db:JVNDBid:JVNDB-2019-014155
Trust: 0.8
db:CNVDid:CNVD-2020-03019
Trust: 0.6
db:CNNVDid:CNNVD-202001-131
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03019 // 
            
            
            
            JVNDB: JVNDB-2019-014155 // 
            
            
            
            CNNVD: CNNVD-202001-131 // 
            
            
            
            NVD: CVE-2019-16271

REFERENCES
url:https://www.forescout.com/company/blog/dten-vulnerability/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-16271
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16271
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-03019 // 
            
            
            
            JVNDB: JVNDB-2019-014155 // 
            
            
            
            CNNVD: CNNVD-202001-131 // 
            
            
            
            NVD: CVE-2019-16271

SOURCES
db:CNVDid:CNVD-2020-03019
db:JVNDBid:JVNDB-2019-014155
db:CNNVDid:CNNVD-202001-131
db:NVDid:CVE-2019-16271

LAST UPDATE DATE
2024-11-23T22:16:40.567000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-03019date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-014155date:2020-02-05T00:00:00
db:CNNVDid:CNNVD-202001-131date:2020-01-07T00:00:00
db:NVDid:CVE-2019-16271date:2024-11-21T04:30:25.390

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-03019date:2020-01-16T00:00:00
db:JVNDBid:JVNDB-2019-014155date:2020-02-05T00:00:00
db:CNNVDid:CNNVD-202001-131date:2020-01-06T00:00:00
db:NVDid:CVE-2019-16271date:2020-01-06T21:15:11.347