Details of VAR-202005-0604

ID

VAR-202005-0604

CVE

CVE-2019-19515

TITLE

Ayision Ays-WR01 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-39702 // CNNVD: CNNVD-202005-123

DESCRIPTION

Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings. Ayision Ays-WR01 A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. Ayision Ays-WR01 is a wireless repeater of Ayision company in China. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow

Trust: 2.25

sources: NVD: CVE-2019-19515 // JVNDB: JVNDB-2019-015540 // CNVD: CNVD-2021-39702 // VULMON: CVE-2019-19515

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-39702

AFFECTED PRODUCTS

vendor:	ayision	model:	ays-wr01	scope:	eq	version:	v28k.rpt.20161224	Trust: 1.9
vendor:	ayision	model:	ays-wr01 v28k.rpt.20161224	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-39702 // VULMON: CVE-2019-19515 // JVNDB: JVNDB-2019-015540 // NVD: CVE-2019-19515

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19515
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2019-015540
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-39702
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202005-123
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2019-19515
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-19515
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2019-015540
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-39702
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-19515
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-015540
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-39702 // VULMON: CVE-2019-19515 // JVNDB: JVNDB-2019-015540 // CNNVD: CNNVD-202005-123 // NVD: CVE-2019-19515

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-015540 // NVD: CVE-2019-19515

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-123

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202005-123

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015540

PATCH

title:

Top Page

url:

http://www.ayision.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-015540

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19515	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-015540	Trust: 0.8
db:	CNVD	id:	CNVD-2021-39702	Trust: 0.6
db:	CNNVD	id:	CNNVD-202005-123	Trust: 0.6
db:	VULMON	id:	CVE-2019-19515	Trust: 0.1

sources: CNVD: CNVD-2021-39702 // VULMON: CVE-2019-19515 // JVNDB: JVNDB-2019-015540 // CNNVD: CNNVD-202005-123 // NVD: CVE-2019-19515

REFERENCES

url:	https://gist.github.com/cybersecurityup/26c5b032897630fe8407da4a8ef216d4	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19515	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19515	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19515\	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-39702 // VULMON: CVE-2019-19515 // JVNDB: JVNDB-2019-015540 // CNNVD: CNNVD-202005-123 // NVD: CVE-2019-19515

SOURCES

db:	CNVD	id:	CNVD-2021-39702
db:	VULMON	id:	CVE-2019-19515
db:	JVNDB	id:	JVNDB-2019-015540
db:	CNNVD	id:	CNNVD-202005-123
db:	NVD	id:	CVE-2019-19515

LAST UPDATE DATE

2024-11-23T22:41:05.575000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-39702	date:	2021-06-06T00:00:00
db:	VULMON	id:	CVE-2019-19515	date:	2020-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-015540	date:	2020-06-04T00:00:00
db:	CNNVD	id:	CNNVD-202005-123	date:	2020-05-09T00:00:00
db:	NVD	id:	CVE-2019-19515	date:	2024-11-21T04:34:52.020

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-39702	date:	2021-06-06T00:00:00
db:	VULMON	id:	CVE-2019-19515	date:	2020-05-05T00:00:00
db:	JVNDB	id:	JVNDB-2019-015540	date:	2020-06-04T00:00:00
db:	CNNVD	id:	CNNVD-202005-123	date:	2020-05-05T00:00:00
db:	NVD	id:	CVE-2019-19515	date:	2020-05-05T17:15:15.990