ID

VAR-202407-2571


CVE

CVE-2019-20462


TITLE

Alecto IVM-100 2019-11-12 Information Disclosure

Trust: 0.1

sources: PACKETSTORM: 179811

DESCRIPTION

An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used.

[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Alecto
[Affected Product Code Base] Alecto IVM-100 - unknown.
[Attack Type] Physical
[Impact Information Disclosure] true
[Attack Vectors] An attacker needs to open up the device and physically attach wires as well as reboot the device.
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with The Dutch consumer organisation
[Reference] https://www.alecto.nl

Use CVE-2019-20462

Trust: 0.99

sources: NVD: CVE-2019-20462 // PACKETSTORM: 179811

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2019-20462
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2019-20462
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: NVD: CVE-2019-20462

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

sources: NVD: CVE-2019-20462

TYPE

info disclosure

Trust: 0.1

sources: PACKETSTORM: 179811

EXTERNAL IDS

db:NVDid:CVE-2019-20462

Trust: 1.2

db:OTHERid:NONE

Trust: 0.1

db:PACKETSTORMid:179811

Trust: 0.1

sources: OTHER: None // PACKETSTORM: 179811 // NVD: CVE-2019-20462

REFERENCES

url:https://www.alecto.nl

Trust: 1.1

url:https://seclists.org/fulldisclosure/2024/jul/14

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-20462

Trust: 0.1

sources: PACKETSTORM: 179811 // NVD: CVE-2019-20462

CREDITS

Willem Westerhof | Secura

Trust: 0.1

sources: OTHER: None

SOURCES

db:OTHERid: -
db:PACKETSTORMid:179811
db:NVDid:CVE-2019-20462

LAST UPDATE DATE

2025-02-11T22:31:33.473000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2019-20462date:2025-02-10T23:15:10.283

SOURCES RELEASE DATE

db:OTHERid: - date:2024-07-26T13:11:06
db:PACKETSTORMid:179811date:2024-07-30T12:35:43
db:NVDid:CVE-2019-20462date:2024-11-07T21:15:05.470