CVE-2019-17219

Published: Oct 6, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.

Affected (2)

Products: Vzug: Combi Stream Mslq Firmware

Vzug

1 product

Combi Stream Mslq Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vzug Combi Stream Mslq Firmware	Before ethernet_r07

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vzug Combi Stream Mslq Firmware	Before wlan_r05

Running on/with	Platform Versions
Vzug Combi Stream Mslq	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://vuldb.com/?id.134115

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.134115

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.