Lucene search

MitreCVE-2019-19142

HistoryJan 17, 2020 - 2:15 a.m.

CVE-2019-19142

2020-01-1702:15:11

CWE-306

mitre

web.nvd.nist.gov

112

cve-2019-19142

intelbras wrn240

firmware

authentication

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.016

Percentile

87.6%

JSON

Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.

Affected configurations

Nvd

Node

intelbraswrn_240_firmwareMatch2.0.0

AND

intelbraswrn_240Match-

VendorProductVersionCPE
intelbraswrn_240_firmware2.0.0cpe:2.3:o:intelbras:wrn_240_firmware:2.0.0:*:*:*:*:*:*:*
intelbraswrn_240-cpe:2.3:h:intelbras:wrn_240:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intelbras	wrn_240_firmware	2.0.0	cpe:2.3:o:intelbras:wrn_240_firmware:2.0.0:::::::*
intelbras	wrn_240	-	cpe:2.3:h:intelbras:wrn_240:-:::::::*

References

packetstormsecurity.com/files/156589/Intelbras-Wireless-N-150Mbps-WRN240-Authentication-Bypass.html

fireshellsecurity.team/hack-n-routers/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.016

Percentile

87.6%

JSON

Related for CVE-2019-19142