ID

VAR-202007-0513


CVE

CVE-2019-15312


TITLE

Input verification vulnerability in Linkplay firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-015777

DESCRIPTION

An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an attacker to compromise the victim device from the Internet. Linkplay firmware contains an input verification vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Anker Zolo Halo is a smart speaker from Anker Company in the Philippines. There are security vulnerabilities in Linkplay firmware. Attackers can use this vulnerability to execute code.

Trust: 2.16

sources: NVD: CVE-2019-15312 // JVNDB: JVNDB-2019-015777 // CNVD: CNVD-2021-18052

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-18052

AFFECTED PRODUCTS

vendor: linkplay, model: linkplay, scope: eq, version: -

Trust: 1.0

vendor: linkplay, model: linkplay, scope: -, version: -

Trust: 0.8

vendor: anker, model: linkplay, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-18052 // JVNDB: JVNDB-2019-015777 // NVD: CVE-2019-15312

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15312
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015777
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-18052
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-096
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-15312
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015777
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-18052
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15312
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015777
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-18052 // JVNDB: JVNDB-2019-015777 // CNNVD: CNNVD-202007-096 // NVD: CVE-2019-15312

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-015777 // NVD: CVE-2019-15312

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-096

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-096

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015777

PATCH

title: Linkplay, url: https://linkplay.com/featured-products/

Trust: 0.8

sources: JVNDB: JVNDB-2019-015777

EXTERNAL IDS

db: NVD, id: CVE-2019-15312

Trust: 3.0

db: JVNDB, id: JVNDB-2019-015777

Trust: 0.8

db: CNVD, id: CNVD-2021-18052

Trust: 0.6

db: CNNVD, id: CNNVD-202007-096

Trust: 0.6

sources: CNVD: CNVD-2021-18052 // JVNDB: JVNDB-2019-015777 // CNNVD: CNNVD-202007-096 // NVD: CVE-2019-15312

REFERENCES

url: https://labs.f-secure.com/advisories/linkplay-firmware-wanlan-remote-code-execution/

Trust: 2.4

url: https://linkplay.com/featured-products/

Trust: 1.6

url: https://labs.mwrinfosecurity.com/advisories/

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2019-15312

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15312

Trust: 0.8

sources: JVNDB: JVNDB-2019-015777 // CNNVD: CNNVD-202007-096 // NVD: CVE-2019-15312

SOURCES

db: CNVD, id: CNVD-2021-18052
db: JVNDB, id: JVNDB-2019-015777
db: CNNVD, id: CNNVD-202007-096
db: NVD, id: CVE-2019-15312

LAST UPDATE DATE

2024-11-23T22:05:34.682000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-18052, date: 2021-03-17T00:00:00
db: JVNDB, id: JVNDB-2019-015777, date: 2020-09-04T00:00:00
db: CNNVD, id: CNNVD-202007-096, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2019-15312, date: 2024-11-21T04:28:25.637

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-18052, date: 2021-03-17T00:00:00
db: JVNDB, id: JVNDB-2019-015777, date: 2020-09-04T00:00:00
db: CNNVD, id: CNNVD-202007-096, date: 2020-07-01T00:00:00
db: NVD, id: CVE-2019-15312, date: 2020-07-01T20:15:10.923