Sign-up

ID

VAR-202001-0497


CVE

CVE-2019-16272


TITLE

DTEN D5 and D7 Unauthorized authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-014080

DESCRIPTION

On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement. DTEN D5 and D7 The device contains an incorrect authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. DTEN D5 and DTEN D7 are both a stylus from DTEN. DTEN D5 and D7 security vulnerabilities in versions prior to 1.3.4. An attacker could use this vulnerability to obtain information (including Zoom conference content)

Trust: 2.16

sources: NVD: CVE-2019-16272 // JVNDB: JVNDB-2019-014080 // CNVD: CNVD-2020-03052

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03052

AFFECTED PRODUCTS

vendor:dtenmodel:d7scope:ltversion:1.3.4

Trust: 2.4

vendor:dtenmodel:d5scope:ltversion:1.3.4

Trust: 2.4

sources: CNVD: CNVD-2020-03052 // JVNDB: JVNDB-2019-014080 // NVD: CVE-2019-16272

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16272
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-16272
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-03052
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-125
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-16272
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03052
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-16272
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-16272
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03052 // JVNDB: JVNDB-2019-014080 // CNNVD: CNNVD-202001-125 // NVD: CVE-2019-16272

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-863

Trust: 0.8

sources: JVNDB: JVNDB-2019-014080 // NVD: CVE-2019-16272

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-125

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-125

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014080

PATCH
title:Top Pageurl:https://dten.com/
Trust: 0.8
title:Patch for DTEN D5 and DTEN D7 Information Disclosure Vulnerability (CNVD-2020-03052)url:https://www.cnvd.org.cn/patchInfo/show/197235
Trust: 0.6
title:DTEN D5  and DTEN D7 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108287
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03052 // 
            
            
            
            JVNDB: JVNDB-2019-014080 // 
            
            
            
            CNNVD: CNNVD-202001-125

EXTERNAL IDS
db:NVDid:CVE-2019-16272
Trust: 3.0
db:JVNDBid:JVNDB-2019-014080
Trust: 0.8
db:CNVDid:CNVD-2020-03052
Trust: 0.6
db:CNNVDid:CNNVD-202001-125
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03052 // 
            
            
            
            JVNDB: JVNDB-2019-014080 // 
            
            
            
            CNNVD: CNNVD-202001-125 // 
            
            
            
            NVD: CVE-2019-16272

REFERENCES
url:https://www.forescout.com/company/blog/dten-vulnerability/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-16272
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16272
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-03052 // 
            
            
            
            JVNDB: JVNDB-2019-014080 // 
            
            
            
            CNNVD: CNNVD-202001-125 // 
            
            
            
            NVD: CVE-2019-16272

SOURCES
db:CNVDid:CNVD-2020-03052
db:JVNDBid:JVNDB-2019-014080
db:CNNVDid:CNNVD-202001-125
db:NVDid:CVE-2019-16272

LAST UPDATE DATE
2024-11-23T22:51:31.477000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-03052date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-014080date:2020-01-31T00:00:00
db:CNNVDid:CNNVD-202001-125date:2020-08-25T00:00:00
db:NVDid:CVE-2019-16272date:2024-11-21T04:30:25.550

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-03052date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-014080date:2020-01-31T00:00:00
db:CNNVDid:CNNVD-202001-125date:2020-01-06T00:00:00
db:NVDid:CVE-2019-16272date:2020-01-06T20:15:11.897