CVE-2019-15911

Published: Dec 20, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and tamper with messages.

Affected (7)

Products: Asus: Hg100 Firmware, Mw100 Firmware, Ws 101 Firmware, Ts 101 Firmware, As 101 Firmware, Ms 101 Firmware, Dl 101 Firmware

7 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Hg100 Firmware	All versions

Running on/with	Platform Versions
Asus Hg100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Mw100 Firmware	All versions

Running on/with	Platform Versions
Asus Mw100	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Ws 101 Firmware	All versions

Running on/with	Platform Versions
Asus Ws 101	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Ts 101 Firmware	All versions

Running on/with	Platform Versions
Asus Ts 101	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus As 101 Firmware	All versions

Running on/with	Platform Versions
Asus As 101	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Ms 101 Firmware	All versions

Running on/with	Platform Versions
Asus Ms 101	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Dl 101 Firmware	All versions

Running on/with	Platform Versions
Asus Dl 101	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15911.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15911.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.