CVE-2019-9659

{"id": "CVE-2019-9659", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2019-03-11T15:29:00.247", "references": [{"url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2019-9659", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2019-9659", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-294"}]}], "descriptions": [{"lang": "en", "value": "The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System."}, {"lang": "es", "value": "La l\u00ednea de alarmas de antirrobo de 433 MHz de Chuango utiliza c\u00f3digo est\u00e1tico en el control RF remoto, permitiendo a un atacante armar, desarmar, o desencadenar la alarma de manera remota mediante ataques de reproducci\u00f3n, tal y como queda demostrado con los productos Chuango patentados y sus dem\u00e1s productos como el sistema de alarmas por wifi EM8617 OV2."}], "lastModified": "2024-11-21T04:52:04.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:chuango:wifi_alarm_system_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9B80ADC-00EE-448B-BEBB-71DD94E996C9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:chuango:wifi_alarm_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44611F9D-70AC-4E48-8354-012C2ECFADCE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:chuango:wifi\\/cellular_smart_home_system_h4_plus_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE061D9D-7165-4D77-9754-5CE5D72A5AA4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:chuango:wifi\\/cellular_smart_home_system_h4_plus:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "18F33986-02BE-4432-B2B6-533268B349C4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:chuango:awv_plus_wifi_alarm_system_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B928D182-1F5E-4737-9D78-5BA47C56DDD1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:chuango:awv_plus_wifi_alarm_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "542967D5-1046-4986-AD09-E670CAF965FB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:chuango:g5w_3g_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C0277B5-3ADE-4B28-915F-C1F7F56B7546"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:chuango:g5w_3g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4DFB1915-79B1-4C4B-99F0-E3842513D490"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:chuango:g5_plus_gsm\\/sms\\/rfid_touch_alarm_system_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04E7D9C8-AF36-4993-B96E-EEF51F33CD2B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:chuango:g5_plus_gsm\\/sms\\/rfid_touch_alarm_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B14A21B7-7616-4650-AA20-CC030C6227A7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:chuango:g3_gsm\\/sms_alarm_system_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEAB8117-4951-47BD-8343-A8E8373EBE39"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:chuango:g3_gsm\\/sms_alarm_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FD5F3111-1708-43AC-B023-CFC15CEC24AB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:chuango:g5w_3g_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C0277B5-3ADE-4B28-915F-C1F7F56B7546"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:chuango:g5w_3g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4DFB1915-79B1-4C4B-99F0-E3842513D490"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:chuango:b11_dual-network_alarm_system_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "028CE8F9-8A5C-4FFB-928F-0D3C46AD2E4D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:chuango:b11_dual-network_alarm_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "75F01FFF-47A6-4042-BEC7-205E7EAD3D02"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:chuango:a8_pstn_alarm_system_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42CFD52D-6D88-4C90-9E46-026CE4AF0624"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:chuango:a8_pstn_alarm_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8FDDA44A-D74C-4B3A-A617-41130DA37C11"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:chuango:a11_pstn\\/lcd\\/rfid_touch_alarm_system_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A78DF59F-75C5-4EFD-8A89-DFDBFAAABF5D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:chuango:a11_pstn\\/lcd\\/rfid_touch_alarm_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "097E0DBA-4EB8-4E05-8A5C-EE73BEF48AC7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:chuango:cg-105s_on-site_alarm_system_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3495C003-1B3C-42AB-9616-1FD266A90A7F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:chuango:cg-105s_on-site_alarm_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D4814C26-3F89-4849-9E9E-485B5FC0BD68"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eminent:em8617_ov2_wifi_alarm_system_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F307DB70-72EF-4F92-89E5-C6FFDC1B59EA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eminent:em8617_ov2_wifi_alarm_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "01959745-EAEC-4F61-85DD-68E6C81EB664"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}