CVE-2019-6005

Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://jvn.jp/en/jp/JVN17127920/index.html	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:kddi:smart_tv_box_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:kddi:smart_tv_box:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-09-12 17:15

Updated : 2024-02-28 17:08

NVD link : CVE-2019-6005

Mitre link : CVE-2019-6005

CVE.ORG link : CVE-2019-6005

JSON object : View

Products Affected

kddi

smart_tv_box_firmware
smart_tv_box

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-6005", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-09-12T17:15:14.500", "references": [{"url": "http://jvn.jp/en/jp/JVN17127920/index.html", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP."}, {"lang": "es", "value": "Smart TV Box versi\u00f3n de firmware anterior a 1300, permite a atacantes remotos omitir la restricci\u00f3n de acceso para conducir operaciones arbitrarias sobre el dispositivo sin la intenci\u00f3n del usuario, como instalar un software arbitrario o cambiar la configuraci\u00f3n del dispositivo por medio del puerto 5555/TCP de Android Debug Bridge."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:kddi:smart_tv_box_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3571CD37-DFA6-4763-9B43-8DA632FBBEC9", "versionEndExcluding": "1300"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:kddi:smart_tv_box:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A75F58C1-922E-40EE-8702-D8CFB9CF06B2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}