Sign-up

ID

VAR-202001-0499


CVE

CVE-2019-16274


TITLE

DTEN D5 and D7 Lack of encryption of sensitive data on device vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-014082

DESCRIPTION

DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. DTEN D5 and D7 The device is vulnerable to a lack of encryption of sensitive data.Information may be obtained. DTEN D5 and DTEN D7 are both a stylus from DTEN. An attacker could use this vulnerability to access PDF files or other sensitive files on a shared whiteboard

Trust: 2.16

sources: NVD: CVE-2019-16274 // JVNDB: JVNDB-2019-014082 // CNVD: CNVD-2020-03013

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03013

AFFECTED PRODUCTS

vendor:dtenmodel:d5scope:ltversion:1.3

Trust: 2.4

vendor:dtenmodel:d7scope:ltversion:1.3

Trust: 2.4

vendor:dtenmodel:d5scope:eqversion: -

Trust: 0.6

vendor:dtenmodel:d7scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-03013 // JVNDB: JVNDB-2019-014082 // CNNVD: CNNVD-202001-127 // NVD: CVE-2019-16274

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16274
value: HIGH

Trust: 1.0

NVD: CVE-2019-16274
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-03013
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-127
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2019-16274
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03013
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-16274
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-16274
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03013 // JVNDB: JVNDB-2019-014082 // CNNVD: CNNVD-202001-127 // NVD: CVE-2019-16274

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

problemtype:CWE-311

Trust: 0.8

sources: JVNDB: JVNDB-2019-014082 // NVD: CVE-2019-16274

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-127

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014082

PATCH
title:Top Pageurl:https://dten.com/
Trust: 0.8
title:Patch for DTEN D5 and DTEN D7 Information Disclosure Vulnerability (CNVD-2020-03013)url:https://www.cnvd.org.cn/patchInfo/show/197237
Trust: 0.6
title:DTEN D5  and DTEN D7 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108289
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03013 // 
            
            
            
            JVNDB: JVNDB-2019-014082 // 
            
            
            
            CNNVD: CNNVD-202001-127

EXTERNAL IDS
db:NVDid:CVE-2019-16274
Trust: 3.0
db:JVNDBid:JVNDB-2019-014082
Trust: 0.8
db:CNVDid:CNVD-2020-03013
Trust: 0.6
db:CNNVDid:CNNVD-202001-127
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03013 // 
            
            
            
            JVNDB: JVNDB-2019-014082 // 
            
            
            
            CNNVD: CNNVD-202001-127 // 
            
            
            
            NVD: CVE-2019-16274

REFERENCES
url:https://www.forescout.com/company/blog/dten-vulnerability/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-16274
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16274
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-03013 // 
            
            
            
            JVNDB: JVNDB-2019-014082 // 
            
            
            
            CNNVD: CNNVD-202001-127 // 
            
            
            
            NVD: CVE-2019-16274

SOURCES
db:CNVDid:CNVD-2020-03013
db:JVNDBid:JVNDB-2019-014082
db:CNNVDid:CNNVD-202001-127
db:NVDid:CVE-2019-16274

LAST UPDATE DATE
2024-11-23T22:48:10.208000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-03013date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2019-014082date:2020-01-31T00:00:00
db:CNNVDid:CNNVD-202001-127date:2020-01-07T00:00:00
db:NVDid:CVE-2019-16274date:2024-11-21T04:30:25.863

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-03013date:2020-01-16T00:00:00
db:JVNDBid:JVNDB-2019-014082date:2020-01-31T00:00:00
db:CNNVDid:CNNVD-202001-127date:2020-01-06T00:00:00
db:NVDid:CVE-2019-16274date:2020-01-06T20:15:12.037