Details of VAR-202006-0891

ID

VAR-202006-0891

CVE

CVE-2019-19506

TITLE

Tenda PA6 Wi-Fi Powerline extender Infinite loop vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015748

DESCRIPTION

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot. An attacker can use this vulnerability to execute arbitrary code or cause an application to crash

Trust: 2.7

sources: NVD: CVE-2019-19506 // JVNDB: JVNDB-2019-015748 // CNVD: CNVD-2020-35169 // CNVD: CNVD-2020-35170

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['IoT', 'Network device']	sub_category:	-	Trust: 0.6

sources: CNVD: CNVD-2020-35169 // CNVD: CNVD-2020-35170

AFFECTED PRODUCTS

vendor:	tenda	model:	pa6 wi-fi powerline extender	scope:	eq	version:	1.0.1.21	Trust: 1.2
vendor:	tendacn	model:	pa6	scope:	eq	version:	1.0.1.21	Trust: 1.0
vendor:	tenda	model:	pa6	scope:	eq	version:	1.0.1.21	Trust: 0.8

sources: CNVD: CNVD-2020-35169 // CNVD: CNVD-2020-35170 // JVNDB: JVNDB-2019-015748 // NVD: CVE-2019-19506

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19506
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-015748
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-35169
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2020-35170
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202006-1732
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-19506
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-015748
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-35169
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2020-35170
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-19506
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-015748
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-35169 // CNVD: CNVD-2020-35170 // JVNDB: JVNDB-2019-015748 // CNNVD: CNNVD-202006-1732 // NVD: CVE-2019-19506

PROBLEMTYPE DATA

problemtype:

CWE-835

Trust: 1.8

sources: JVNDB: JVNDB-2019-015748 // NVD: CVE-2019-19506

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1732

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1732

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015748

PATCH

title:

PA6

url:

https://www.tendacn.com/en/product/pa6.html

Trust: 0.8

sources: JVNDB: JVNDB-2019-015748

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19506	Trust: 3.6
db:	JVNDB	id:	JVNDB-2019-015748	Trust: 0.8
db:	CNVD	id:	CNVD-2020-35169	Trust: 0.6
db:	CNVD	id:	CNVD-2020-35170	Trust: 0.6
db:	NSFOCUS	id:	47000	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1732	Trust: 0.6

sources: CNVD: CNVD-2020-35169 // CNVD: CNVD-2020-35170 // JVNDB: JVNDB-2019-015748 // CNNVD: CNNVD-202006-1732 // NVD: CVE-2019-19506

REFERENCES

url:	https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security/	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19506	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19506	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47000	Trust: 0.6

sources: CNVD: CNVD-2020-35169 // CNVD: CNVD-2020-35170 // JVNDB: JVNDB-2019-015748 // CNNVD: CNNVD-202006-1732 // NVD: CVE-2019-19506

SOURCES

db:	CNVD	id:	CNVD-2020-35169
db:	CNVD	id:	CNVD-2020-35170
db:	JVNDB	id:	JVNDB-2019-015748
db:	CNNVD	id:	CNNVD-202006-1732
db:	NVD	id:	CVE-2019-19506

LAST UPDATE DATE

2024-11-23T22:29:35.985000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-35169	date:	2020-06-30T00:00:00
db:	CNVD	id:	CNVD-2020-35170	date:	2020-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-015748	date:	2020-08-13T00:00:00
db:	CNNVD	id:	CNNVD-202006-1732	date:	2020-07-09T00:00:00
db:	NVD	id:	CVE-2019-19506	date:	2024-11-21T04:34:51.313

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-35169	date:	2020-06-30T00:00:00
db:	CNVD	id:	CNVD-2020-35170	date:	2020-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-015748	date:	2020-08-13T00:00:00
db:	CNNVD	id:	CNNVD-202006-1732	date:	2020-06-25T00:00:00
db:	NVD	id:	CVE-2019-19506	date:	2020-06-25T20:15:11.053