ID

VAR-202002-0491


CVE

CVE-2019-19196


TITLE

Classic buffer overflow vulnerability in multiple TLSR products of the Telink Semiconductor BLE SDK

Trust: 0.8

sources: JVNDB: JVNDB-2019-014663

DESCRIPTION

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices accepts a pairing request with a key size greater than 16 bytes, allowing an attacker in radio range to cause a buffer overflow and denial of service (crash) via crafted packets. The Telink Semiconductor BLE SDK for TLSR8x5x, TLSR823x, and TLSR826x contains a classic buffer overflow vulnerability. The affected device may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2019-19196 // JVNDB: JVNDB-2019-014663 // VULMON: CVE-2019-19196

IOT TAXONOMY

category: network device, sub_category: bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: telink semi, model: tlsr8258 ble sdk, scope: lte, version: 3.4.0

Trust: 1.0

vendor: telink semi, model: tlsr8251 ble sdk, scope: lte, version: 3.4.0

Trust: 1.0

vendor: telink semi, model: tlsr8253 ble sdk, scope: lte, version: 3.4.0

Trust: 1.0

vendor: telink semi, model: tlsr8232 ble sdk, scope: lte, version: 1.3.0

Trust: 1.0

vendor: telink semi, model: tlsr8269 ble sdk, scope: lte, version: 3.3

Trust: 1.0

vendor: telink, model: tlsr8232 ble sdk, scope: eq, version: 1.3.0

Trust: 0.8

vendor: telink, model: tlsr8251 ble sdk, scope: eq, version: 3.4.0

Trust: 0.8

vendor: telink, model: tlsr8253 ble sdk, scope: eq, version: 3.4.0

Trust: 0.8

vendor: telink, model: tlsr8258 ble sdk, scope: eq, version: 3.4.0

Trust: 0.8

vendor: telink, model: tlsr8269 ble sdk, scope: eq, version: 3.3

Trust: 0.8

sources: JVNDB: JVNDB-2019-014663 // NVD: CVE-2019-19196

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-19196
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014663
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202002-660
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-19196
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-19196
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-014663
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3

nvd@nist.gov: CVE-2019-19196
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014663
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2019-19196 // JVNDB: JVNDB-2019-014663 // CNNVD: CNNVD-202002-660 // NVD: CVE-2019-19196

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-014663 // NVD: CVE-2019-19196

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202002-660

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202002-660

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014663

PATCH

title: Top Page, url: http://www.telink-semi.com/

Trust: 0.8

title: sweyntooth_bluetooth_low_energy_attacks, url: https://github.com/Matheus-Garbelini/sweyntooth_bluetooth_low_energy_attacks

Trust: 0.1

title: -, url: https://github.com/sd258sos/bluetooth-security-app

Trust: 0.1

title: awesome-bluetooth-security, url: https://github.com/engn33r/awesome-bluetooth-security

Trust: 0.1

title: -, url: https://github.com/JeffroMF/awesome-bluetooth-security321

Trust: 0.1

sources: VULMON: CVE-2019-19196 // JVNDB: JVNDB-2019-014663

EXTERNAL IDS

db: NVD, id: CVE-2019-19196

Trust: 2.6

db: ICS CERT ALERT, id: ICS-ALERT-20-063-01

Trust: 0.8

db: JVNDB, id: JVNDB-2019-014663

Trust: 0.8

db: CNNVD, id: CNNVD-202002-660

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULMON, id: CVE-2019-19196

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2019-19196 // JVNDB: JVNDB-2019-014663 // CNNVD: CNNVD-202002-660 // NVD: CVE-2019-19196

REFERENCES

url: https://asset-group.github.io/disclosures/sweyntooth/

Trust: 2.5

url: http://www.telink-semi.com/ble

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-19196

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19196

Trust: 0.8

url: https://www.us-cert.gov/ics/alerts/ics-alert-20-063-01

Trust: 0.8

url: https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url: https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/matheus-garbelini/sweyntooth_bluetooth_low_energy_attacks

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2019-19196 // JVNDB: JVNDB-2019-014663 // CNNVD: CNNVD-202002-660 // NVD: CVE-2019-19196

SOURCES

db: OTHER, id: -
db: VULMON, id: CVE-2019-19196
db: JVNDB, id: JVNDB-2019-014663
db: CNNVD, id: CNNVD-202002-660
db: NVD, id: CVE-2019-19196

LAST UPDATE DATE

2025-01-30T20:03:55.914000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2019-19196, date: 2020-02-25T00:00:00
db: JVNDB, id: JVNDB-2019-014663, date: 2020-03-27T00:00:00
db: CNNVD, id: CNNVD-202002-660, date: 2023-05-18T00:00:00
db: NVD, id: CVE-2019-19196, date: 2024-11-21T04:34:18.323

SOURCES RELEASE DATE

db: VULMON, id: CVE-2019-19196, date: 2020-02-12T00:00:00
db: JVNDB, id: JVNDB-2019-014663, date: 2020-03-09T00:00:00
db: CNNVD, id: CNNVD-202002-660, date: 2020-02-12T00:00:00
db: NVD, id: CVE-2019-19196, date: 2020-02-12T15:15:12.147