ID

VAR-202004-0276


CVE

CVE-2020-11539


TITLE

Improper restriction of excessive authentication attempts vulnerability in D-Link DIR-615 T1 devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-004959

DESCRIPTION

An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level). The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device. The D-Link DIR-615 T1 device is vulnerable to improper restriction of excessive authentication attempts. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. The product supports functions such as calorie counting and sleep tracking.

Trust: 2.97

sources: NVD: CVE-2020-11539 // JVNDB: JVNDB-2020-004959 // JVNDB: JVNDB-2020-004960 // CNVD: CNVD-2020-32899 // VULMON: CVE-2020-11539

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

category: ['wearable device'], sub_category: smartwatch

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-32899

AFFECTED PRODUCTS

vendor: titan, model: sf rush smart band, scope: eq, version: 1.12

Trust: 1.0

vendor: d link, model: dir-615, scope: eq, version: 20.10

Trust: 0.8

vendor: titan, model: sf rush smart, scope: eq, version: 1.12

Trust: 0.8

vendor: tata, model: sonata smart sf rush, scope: eq, version: 1.12

Trust: 0.6

sources: CNVD: CNVD-2020-32899 // JVNDB: JVNDB-2020-004959 // JVNDB: JVNDB-2020-004960 // NVD: CVE-2020-11539

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11539
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004959
value: HIGH

Trust: 0.8

NVD: JVNDB-2020-004960
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-32899
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1867
value: HIGH

Trust: 0.6

VULMON: CVE-2020-11539
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-11539
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004959
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: JVNDB-2020-004960
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-32899
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-11539
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004959
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

NVD: JVNDB-2020-004960
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-32899 // VULMON: CVE-2020-11539 // JVNDB: JVNDB-2020-004959 // JVNDB: JVNDB-2020-004960 // CNNVD: CNNVD-202004-1867 // NVD: CVE-2020-11539

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

problemtype:CWE-347

Trust: 1.0

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-307

Trust: 0.8

problemtype:CWE-345

Trust: 0.8

sources: JVNDB: JVNDB-2020-004959 // JVNDB: JVNDB-2020-004960 // NVD: CVE-2020-11539

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1867

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202004-1867

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004959

PATCH

title: DIR-615, url: http://www.dlink.ru/ru/products/5/2067.html

Trust: 0.8

title: Top Page, url: https://www.titancompany.in/

Trust: 0.8

title: CVE-2020-11539: Improper Access Control in Tata Sonata Smartband, url: https://github.com/the-girl-who-lived/CVE-2020-11539

Trust: 0.1

title: PoC in GitHub, url: https://github.com/soosmile/POC

Trust: 0.1

title: PoC in GitHub, url: https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title: PoC in GitHub, url: https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title: PoC in GitHub, url: https://github.com/0xT11/CVE-POC

Trust: 0.1

sources: VULMON: CVE-2020-11539 // JVNDB: JVNDB-2020-004959 // JVNDB: JVNDB-2020-004960

EXTERNAL IDS

db: NVD, id: CVE-2020-11539

Trust: 4.0

db: JVNDB, id: JVNDB-2020-004959

Trust: 0.8

db: JVNDB, id: JVNDB-2020-004960

Trust: 0.8

db: CNVD, id: CNVD-2020-32899

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1867

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULMON, id: CVE-2020-11539

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-32899 // VULMON: CVE-2020-11539 // JVNDB: JVNDB-2020-004959 // JVNDB: JVNDB-2020-004960 // CNNVD: CNNVD-202004-1867 // NVD: CVE-2020-11539

REFERENCES

url:https://github.com/the-girl-who-lived/cve-2020-11539/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-11539

Trust: 2.0

url:https://medium.com/%40sayliambure/hacking-a-5-smartband-824763ab6e8f

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17525

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-17525

Trust: 0.8

url:https://github.com/huzaifahussain98/cve-2019-17525/

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11539

Trust: 0.8

url:https://medium.com/@sayliambure/hacking-a-5-smartband-824763ab6e8f

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/347.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/319.html

Trust: 0.1

url:https://github.com/the-girl-who-lived/cve-2020-11539

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-32899 // VULMON: CVE-2020-11539 // JVNDB: JVNDB-2020-004959 // JVNDB: JVNDB-2020-004960 // CNNVD: CNNVD-202004-1867 // NVD: CVE-2020-11539

SOURCES

db: OTHER, id: -
db: CNVD, id: CNVD-2020-32899
db: VULMON, id: CVE-2020-11539
db: JVNDB, id: JVNDB-2020-004959
db: JVNDB, id: JVNDB-2020-004960
db: CNNVD, id: CNNVD-202004-1867
db: NVD, id: CVE-2020-11539

LAST UPDATE DATE

2025-01-30T21:59:40.404000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-32899, date: 2020-06-14T00:00:00
db: VULMON, id: CVE-2020-11539, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2020-004959, date: 2020-06-03T00:00:00
db: JVNDB, id: JVNDB-2020-004960, date: 2020-06-03T00:00:00
db: CNNVD, id: CNNVD-202004-1867, date: 2020-05-06T00:00:00
db: NVD, id: CVE-2020-11539, date: 2024-11-21T04:58:06.653

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-32899, date: 2020-06-13T00:00:00
db: VULMON, id: CVE-2020-11539, date: 2020-04-22T00:00:00
db: JVNDB, id: JVNDB-2020-004959, date: 2020-06-03T00:00:00
db: JVNDB, id: JVNDB-2020-004960, date: 2020-06-03T00:00:00
db: CNNVD, id: CNNVD-202004-1867, date: 2020-04-22T00:00:00
db: NVD, id: CVE-2020-11539, date: 2020-04-22T14:15:12.347