ID

VAR-202006-0749


CVE

CVE-2019-16213


TITLE

OS command injection vulnerability in Tenda PA6 Wi-Fi Powerline extender

Trust: 0.8

sources: JVNDB: JVNDB-2019-015735

DESCRIPTION

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges. (DoS) It may be put into a state

Trust: 2.16

sources: NVD: CVE-2019-16213 // JVNDB: JVNDB-2019-015735 // CNVD: CNVD-2020-35168

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

category: ['network device'], sub_category: Wi-Fi range extender

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-35168

AFFECTED PRODUCTS

vendor: tendacn, model: pa6, scope: eq, version: 1.0.1.21

Trust: 1.0

vendor: tenda, model: pa6, scope: eq, version: 1.0.1.21

Trust: 0.8

vendor: tenda, model: pa6 wi-fi powerline extender, scope: eq, version: 1.0.1.21

Trust: 0.6

sources: CNVD: CNVD-2020-35168 // JVNDB: JVNDB-2019-015735 // NVD: CVE-2019-16213

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16213
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015735
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-35168
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-1730
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-16213
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015735
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-35168
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-16213
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015735
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-35168 // JVNDB: JVNDB-2019-015735 // CNNVD: CNNVD-202006-1730 // NVD: CVE-2019-16213

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-015735 // NVD: CVE-2019-16213

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1730

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202006-1730

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015735

PATCH

title: PA6, url: https://www.tendacn.com/en/product/pa6.html

Trust: 0.8

sources: JVNDB: JVNDB-2019-015735

EXTERNAL IDS

db: NVD, id: CVE-2019-16213

Trust: 3.1

db: JVNDB, id: JVNDB-2019-015735

Trust: 0.8

db: CNVD, id: CNVD-2020-35168

Trust: 0.6

db: NSFOCUS, id: 47014

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1730

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-35168 // JVNDB: JVNDB-2019-015735 // CNNVD: CNNVD-202006-1730 // NVD: CVE-2019-16213

REFERENCES

url:https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security/

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-16213

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16213

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47014

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-35168 // JVNDB: JVNDB-2019-015735 // CNNVD: CNNVD-202006-1730 // NVD: CVE-2019-16213

SOURCES

db: OTHER, id: -
db: CNVD, id: CNVD-2020-35168
db: JVNDB, id: JVNDB-2019-015735
db: CNNVD, id: CNNVD-202006-1730
db: NVD, id: CVE-2019-16213

LAST UPDATE DATE

2025-01-30T22:06:48.550000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-35168, date: 2020-06-30T00:00:00
db: JVNDB, id: JVNDB-2019-015735, date: 2020-08-05T00:00:00
db: CNNVD, id: CNNVD-202006-1730, date: 2020-07-02T00:00:00
db: NVD, id: CVE-2019-16213, date: 2024-11-21T04:30:17.110

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-35168, date: 2020-06-30T00:00:00
db: JVNDB, id: JVNDB-2019-015735, date: 2020-08-05T00:00:00
db: CNNVD, id: CNNVD-202006-1730, date: 2020-06-25T00:00:00
db: NVD, id: CVE-2019-16213, date: 2020-06-25T20:15:10.943