CVE-2019-15912

Published: Dec 20, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.

Affected (7)

Products: Asus: Hg100 Firmware, Mw100 Firmware, Ws 101 Firmware, Ts 101 Firmware, As 101 Firmware, Ms 101 Firmware, Dl 101 Firmware

7 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Hg100 Firmware	All versions

Running on/with	Platform Versions
Asus Hg100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Mw100 Firmware	All versions

Running on/with	Platform Versions
Asus Mw100	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Ws 101 Firmware	All versions

Running on/with	Platform Versions
Asus Ws 101	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Ts 101 Firmware	All versions

Running on/with	Platform Versions
Asus Ts 101	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus As 101 Firmware	All versions

Running on/with	Platform Versions
Asus As 101	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Ms 101 Firmware	All versions

Running on/with	Platform Versions
Asus Ms 101	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Dl 101 Firmware	All versions

Running on/with	Platform Versions
Asus Dl 101	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15912_1.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15912_2.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15912_1.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15912_2.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.