Sign-up

ID

VAR-202003-0623


CVE

CVE-2019-15653


TITLE

Comba AP2600-I Inadequate protection of credentials on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015140

DESCRIPTION

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real value, i.e., md5(md5(value)). Comba AP2600-I Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. Comba Telecom AP2600-I is a wireless access point device from India's Comba Telecom. Comba Telecom AP2600-I devices A02,0202N00PD2 and previous versions have security vulnerabilities that remote attackers can use to make special requests to exploit the vulnerability to obtain sensitive information

Trust: 2.25

sources: NVD: CVE-2019-15653 // JVNDB: JVNDB-2019-015140 // CNVD: CNVD-2020-22256 // VULMON: CVE-2019-15653

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22256

AFFECTED PRODUCTS

vendor:combamodel:ap2600-i - a02 - 0202n00pd2scope:eqversion:*

Trust: 1.0

vendor:combamodel:ap2600-i - a02 - 0202n00pd2scope: - version: -

Trust: 0.8

vendor:combamodel:telecom ap2600-i devices a02scope: - version: -

Trust: 0.6

vendor:combamodel:telecom ap2600-i devices <=0202n00pd2scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-22256 // JVNDB: JVNDB-2019-015140 // NVD: CVE-2019-15653

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15653
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015140
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-22256
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-1191
value: HIGH

Trust: 0.6

VULMON: CVE-2019-15653
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15653
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015140
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-22256
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15653
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015140
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22256 // VULMON: CVE-2019-15653 // JVNDB: JVNDB-2019-015140 // CNNVD: CNNVD-202003-1191 // NVD: CVE-2019-15653

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.8

problemtype:CWE-311

Trust: 1.0

problemtype:CWE-327

Trust: 1.0

sources: JVNDB: JVNDB-2019-015140 // NVD: CVE-2019-15653

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1191

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-1191

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015140

PATCH
title:PRESS ROOMurl:https://www.comba-telecom.com/en/news
Trust: 0.8
title:WordPressRedTeam_BlueTeamurl:https://github.com/joshgarlandreese/WordPressRedTeam_BlueTeam 
Trust: 0.1
title: - url:https://github.com/nmuhammad22/UPennFinalProject 
Trust: 0.1
title:WordPressRedTeam_BlueTeamurl:https://github.com/joshgarlandreese/WordPressRedTeam 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-15653 // 
            
            
            
            JVNDB: JVNDB-2019-015140

EXTERNAL IDS
db:NVDid:CVE-2019-15653
Trust: 3.1
db:JVNDBid:JVNDB-2019-015140
Trust: 0.8
db:CNVDid:CNVD-2020-22256
Trust: 0.6
db:CNNVDid:CNNVD-202003-1191
Trust: 0.6
db:VULMONid:CVE-2019-15653
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-22256 // 
            
            
            
            VULMON: CVE-2019-15653 // 
            
            
            
            JVNDB: JVNDB-2019-015140 // 
            
            
            
            CNNVD: CNNVD-202003-1191 // 
            
            
            
            NVD: CVE-2019-15653

REFERENCES
url:https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-15653
Trust: 2.0
url:https://www.comba-telecom.com/en/news
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15653
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/327.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/311.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/522.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/joshgarlandreese/wordpressredteam_blueteam
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-22256 // 
            
            
            
            VULMON: CVE-2019-15653 // 
            
            
            
            JVNDB: JVNDB-2019-015140 // 
            
            
            
            CNNVD: CNNVD-202003-1191 // 
            
            
            
            NVD: CVE-2019-15653

SOURCES
db:CNVDid:CNVD-2020-22256
db:VULMONid:CVE-2019-15653
db:JVNDBid:JVNDB-2019-015140
db:CNNVDid:CNNVD-202003-1191
db:NVDid:CVE-2019-15653

LAST UPDATE DATE
2024-11-23T22:44:38.972000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-22256date:2020-04-10T00:00:00
db:VULMONid:CVE-2019-15653date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2019-015140date:2020-04-07T00:00:00
db:CNNVDid:CNNVD-202003-1191date:2020-04-08T00:00:00
db:NVDid:CVE-2019-15653date:2024-11-21T04:29:12.590

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-22256date:2020-04-10T00:00:00
db:VULMONid:CVE-2019-15653date:2020-03-19T00:00:00
db:JVNDBid:JVNDB-2019-015140date:2020-04-07T00:00:00
db:CNNVDid:CNNVD-202003-1191date:2020-03-19T00:00:00
db:NVDid:CVE-2019-15653date:2020-03-19T18:15:13.647