Sign-up

ID

VAR-202001-0498


CVE

CVE-2019-16273


TITLE

DTEN D5 and D7 Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-014081

DESCRIPTION

DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the Android OS. DTEN D5 and D7 The device contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. DTEN D5 and DTEN D7 are both a stylus from DTEN. DTEN D5 and D7 security vulnerabilities in versions prior to 1.3.4. An attacker could use this vulnerability to perform system management and execute arbitrary code to obtain the data displayed by the Zoom Client

Trust: 2.16

sources: NVD: CVE-2019-16273 // JVNDB: JVNDB-2019-014081 // CNVD: CNVD-2020-03014

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03014

AFFECTED PRODUCTS

vendor:dtenmodel:d7scope:ltversion:1.3.4

Trust: 2.4

vendor:dtenmodel:d5scope:ltversion:1.3.4

Trust: 2.4

sources: CNVD: CNVD-2020-03014 // JVNDB: JVNDB-2019-014081 // NVD: CVE-2019-16273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16273
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-16273
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-03014
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-126
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-16273
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03014
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-16273
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-16273
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03014 // JVNDB: JVNDB-2019-014081 // CNNVD: CNNVD-202001-126 // NVD: CVE-2019-16273

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2019-014081 // NVD: CVE-2019-16273

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-126

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202001-126

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014081

PATCH
title:Top Pageurl:https://dten.com/
Trust: 0.8
title:Patch for DTEN D5 and DTEN D7 code execution vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/197241
Trust: 0.6
title:DTEN D5  and DTEN D7 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108288
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03014 // 
            
            
            
            JVNDB: JVNDB-2019-014081 // 
            
            
            
            CNNVD: CNNVD-202001-126

EXTERNAL IDS
db:NVDid:CVE-2019-16273
Trust: 3.0
db:JVNDBid:JVNDB-2019-014081
Trust: 0.8
db:CNVDid:CNVD-2020-03014
Trust: 0.6
db:CNNVDid:CNNVD-202001-126
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03014 // 
            
            
            
            JVNDB: JVNDB-2019-014081 // 
            
            
            
            CNNVD: CNNVD-202001-126 // 
            
            
            
            NVD: CVE-2019-16273

REFERENCES
url:https://www.forescout.com/company/blog/dten-vulnerability/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-16273
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16273
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-03014 // 
            
            
            
            JVNDB: JVNDB-2019-014081 // 
            
            
            
            CNNVD: CNNVD-202001-126 // 
            
            
            
            NVD: CVE-2019-16273

SOURCES
db:CNVDid:CNVD-2020-03014
db:JVNDBid:JVNDB-2019-014081
db:CNNVDid:CNNVD-202001-126
db:NVDid:CVE-2019-16273

LAST UPDATE DATE
2024-11-23T22:11:40.193000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-03014date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-014081date:2020-01-31T00:00:00
db:CNNVDid:CNNVD-202001-126date:2020-08-25T00:00:00
db:NVDid:CVE-2019-16273date:2024-11-21T04:30:25.720

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-03014date:2020-01-16T00:00:00
db:JVNDBid:JVNDB-2019-014081date:2020-01-31T00:00:00
db:CNNVDid:CNNVD-202001-126date:2020-01-06T00:00:00
db:NVDid:CVE-2019-16273date:2020-01-06T20:15:11.960