CVE-2019-9657

Published: Jul 11, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device.

Affected (1)

Products: Alarm: Adc V522ir Firmware

1 product

Adc V522ir Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Alarm Adc V522ir Firmware	Version 0100b9

Running on/with	Platform Versions
Alarm Adc V522ir	All versions

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.vfxcomputing.com/?CVE-2019-9657

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.vfxcomputing.com/?CVE-2019-9657

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.