Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Smart Battery A4 by Gigastone

    VAR-201909-0869

    Vulnerability from variot - Updated: 2024-11-23 22:33

    A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Smart Battery A4 is a portable power supply device. An attacker could exploit this vulnerability to obtain/reset the administrator password without authentication

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0869",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "smart battery a4",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "gigastone",
            "version": "r1.7.9"
          },
          {
            "model": "smart battery a4",
            "scope": null,
            "trust": 0.8,
            "vendor": "gigastone",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009696"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15068"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gigastone:smart_battery_a4_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009696"
          }
        ]
      },
      "cve": "CVE-2019-15068",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-15068",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-147077",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15068",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-15068",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15068",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15068",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201909-1179",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-147077",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1179"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15068"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Smart Battery A4 is a portable power supply device. An attacker could exploit this vulnerability to obtain/reset the administrator password without authentication",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15068"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009696"
          },
          {
            "db": "VULHUB",
            "id": "VHN-147077"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15068",
            "trust": 2.5
          },
          {
            "db": "TWCERT",
            "id": "TVN-201908003",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009696",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1179",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-147077",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1179"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15068"
          }
        ]
      },
      "id": "VAR-201909-0869",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147077"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:33:45.589000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Smart Battery A4",
            "trust": 0.8,
            "url": "https://www.gigastone.com/EN/product/c/2/n/15"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009696"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-287",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009696"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15068"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026id=45"
          },
          {
            "trust": 1.7,
            "url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201908003"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15068"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15068"
          },
          {
            "trust": 0.1,
            "url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026amp;id=45"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1179"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15068"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-147077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1179"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15068"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-09-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-147077"
          },
          {
            "date": "2019-09-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-009696"
          },
          {
            "date": "2019-09-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201909-1179"
          },
          {
            "date": "2019-09-25T19:15:10.563000",
            "db": "NVD",
            "id": "CVE-2019-15068"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-147077"
          },
          {
            "date": "2019-09-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-009696"
          },
          {
            "date": "2020-10-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201909-1179"
          },
          {
            "date": "2024-11-21T04:27:59.363000",
            "db": "NVD",
            "id": "CVE-2019-15068"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1179"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Smart Battery A4 Authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009696"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1179"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201909-0870

    Vulnerability from variot - Updated: 2024-11-23 22:16

    An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0870",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "smart battery a4",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "gigastone",
            "version": "r1.7.9"
          },
          {
            "model": "smart battery a4",
            "scope": null,
            "trust": 0.8,
            "vendor": "gigastone",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009697"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15069"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:gigastone:smart_battery_a4_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009697"
          }
        ]
      },
      "cve": "CVE-2019-15069",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-15069",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-147078",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-15069",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-15069",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15069",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-15069",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201909-1178",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-147078",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147078"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009697"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1178"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15069"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009697"
          },
          {
            "db": "VULHUB",
            "id": "VHN-147078"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15069",
            "trust": 2.5
          },
          {
            "db": "TWCERT",
            "id": "TVN-201908004",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009697",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1178",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-147078",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147078"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009697"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1178"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15069"
          }
        ]
      },
      "id": "VAR-201909-0870",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147078"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:16:49.842000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Smart Battery A4",
            "trust": 0.8,
            "url": "https://www.gigastone.com/EN/product/c/2/n/15"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009697"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-287",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147078"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009697"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15069"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026id=46"
          },
          {
            "trust": 1.7,
            "url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201908004"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15069"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15069"
          },
          {
            "trust": 0.1,
            "url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026amp;id=46"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147078"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009697"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1178"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15069"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-147078"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009697"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1178"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15069"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-09-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-147078"
          },
          {
            "date": "2019-09-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-009697"
          },
          {
            "date": "2019-09-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201909-1178"
          },
          {
            "date": "2019-09-25T19:15:10.627000",
            "db": "NVD",
            "id": "CVE-2019-15069"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-147078"
          },
          {
            "date": "2019-09-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-009697"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201909-1178"
          },
          {
            "date": "2024-11-21T04:27:59.487000",
            "db": "NVD",
            "id": "CVE-2019-15069"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1178"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Smart Battery A4 Authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-009697"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201909-1178"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2019-15069 (GCVE-0-2019-15069)

    Vulnerability from nvd – Published: 2019-09-25 18:10 – Updated: 2024-09-17 02:32
    VLAI
    Title
    An unsafe authentication interface was discovered in Smart Battery A4
    Summary
    An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege.
    Severity
    No CVSS data available.
    CWE
    • unsafe authentication interface
    Assigner
    References
    Impacted products
    Vendor Product Version
    Gigastone Smart Battery A4 Unknown: Firmware , ≤ r1.7.9 (custom)
    Create a notification for this product.
    Date Public
    2019-09-24 00:00
    Credits
    Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Battery A4",
              "vendor": "Gigastone",
              "versions": [
                {
                  "lessThanOrEqual": "r1.7.9",
                  "status": "unknown",
                  "version": "Firmware",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
            }
          ],
          "datePublic": "2019-09-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "unsafe authentication interface",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-25T18:10:15.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "An unsafe authentication interface was discovered in Smart Battery A4",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
              "ID": "CVE-2019-15069",
              "STATE": "PUBLIC",
              "TITLE": "An unsafe authentication interface was discovered in Smart Battery A4"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Battery A4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "?\u003c=",
                                "version_name": "Firmware",
                                "version_value": "r1.7.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gigastone"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "unsafe authentication interface"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004",
                  "refsource": "CONFIRM",
                  "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
                },
                {
                  "name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46",
                  "refsource": "CONFIRM",
                  "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2019-15069",
        "datePublished": "2019-09-25T18:10:15.721Z",
        "dateReserved": "2019-08-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:32:36.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15068 (GCVE-0-2019-15068)

    Vulnerability from nvd – Published: 2019-09-25 18:10 – Updated: 2024-09-16 21:02
    VLAI
    Title
    A broken access control vulnerability discovered in Smart Battery A4
    Summary
    A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Gigastone Smart Battery A4 Unknown: Firmware , ≤ r1.7.9 (custom)
    Create a notification for this product.
    Date Public
    2019-09-24 00:00
    Credits
    Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Battery A4",
              "vendor": "Gigastone",
              "versions": [
                {
                  "lessThanOrEqual": "r1.7.9",
                  "status": "unknown",
                  "version": "Firmware",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
            }
          ],
          "datePublic": "2019-09-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-25T18:10:15.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "A broken access control vulnerability discovered in Smart Battery A4",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
              "ID": "CVE-2019-15068",
              "STATE": "PUBLIC",
              "TITLE": "A broken access control vulnerability discovered in Smart Battery A4"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Battery A4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "?\u003c=",
                                "version_name": "Firmware",
                                "version_value": "r1.7.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gigastone"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003",
                  "refsource": "CONFIRM",
                  "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
                },
                {
                  "name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45",
                  "refsource": "CONFIRM",
                  "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2019-15068",
        "datePublished": "2019-09-25T18:10:15.674Z",
        "dateReserved": "2019-08-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:02:47.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15069 (GCVE-0-2019-15069)

    Vulnerability from cvelistv5 – Published: 2019-09-25 18:10 – Updated: 2024-09-17 02:32
    VLAI
    Title
    An unsafe authentication interface was discovered in Smart Battery A4
    Summary
    An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege.
    Severity
    No CVSS data available.
    CWE
    • unsafe authentication interface
    Assigner
    References
    Impacted products
    Vendor Product Version
    Gigastone Smart Battery A4 Unknown: Firmware , ≤ r1.7.9 (custom)
    Create a notification for this product.
    Date Public
    2019-09-24 00:00
    Credits
    Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Battery A4",
              "vendor": "Gigastone",
              "versions": [
                {
                  "lessThanOrEqual": "r1.7.9",
                  "status": "unknown",
                  "version": "Firmware",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
            }
          ],
          "datePublic": "2019-09-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "unsafe authentication interface",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-25T18:10:15.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "An unsafe authentication interface was discovered in Smart Battery A4",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
              "ID": "CVE-2019-15069",
              "STATE": "PUBLIC",
              "TITLE": "An unsafe authentication interface was discovered in Smart Battery A4"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Battery A4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "?\u003c=",
                                "version_name": "Firmware",
                                "version_value": "r1.7.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gigastone"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "unsafe authentication interface"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004",
                  "refsource": "CONFIRM",
                  "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
                },
                {
                  "name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46",
                  "refsource": "CONFIRM",
                  "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2019-15069",
        "datePublished": "2019-09-25T18:10:15.721Z",
        "dateReserved": "2019-08-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:32:36.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15068 (GCVE-0-2019-15068)

    Vulnerability from cvelistv5 – Published: 2019-09-25 18:10 – Updated: 2024-09-16 21:02
    VLAI
    Title
    A broken access control vulnerability discovered in Smart Battery A4
    Summary
    A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Gigastone Smart Battery A4 Unknown: Firmware , ≤ r1.7.9 (custom)
    Create a notification for this product.
    Date Public
    2019-09-24 00:00
    Credits
    Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Battery A4",
              "vendor": "Gigastone",
              "versions": [
                {
                  "lessThanOrEqual": "r1.7.9",
                  "status": "unknown",
                  "version": "Firmware",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
            }
          ],
          "datePublic": "2019-09-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-25T18:10:15.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "A broken access control vulnerability discovered in Smart Battery A4",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
              "ID": "CVE-2019-15068",
              "STATE": "PUBLIC",
              "TITLE": "A broken access control vulnerability discovered in Smart Battery A4"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Battery A4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "?\u003c=",
                                "version_name": "Firmware",
                                "version_value": "r1.7.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gigastone"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003",
                  "refsource": "CONFIRM",
                  "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
                },
                {
                  "name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45",
                  "refsource": "CONFIRM",
                  "url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2019-15068",
        "datePublished": "2019-09-25T18:10:15.674Z",
        "dateReserved": "2019-08-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:02:47.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }