Search criteria
6 vulnerabilities found for Smart Battery A4 by Gigastone
VAR-201909-0869
Vulnerability from variot - Updated: 2024-11-23 22:33A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Smart Battery A4 is a portable power supply device. An attacker could exploit this vulnerability to obtain/reset the administrator password without authentication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0869",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart battery a4",
"scope": "lte",
"trust": 1.0,
"vendor": "gigastone",
"version": "r1.7.9"
},
{
"model": "smart battery a4",
"scope": null,
"trust": 0.8,
"vendor": "gigastone",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "NVD",
"id": "CVE-2019-15068"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gigastone:smart_battery_a4_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
}
]
},
"cve": "CVE-2019-15068",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15068",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-147077",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15068",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15068",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15068",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-15068",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-1179",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-147077",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1179"
},
{
"db": "NVD",
"id": "CVE-2019-15068"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Smart Battery A4 is a portable power supply device. An attacker could exploit this vulnerability to obtain/reset the administrator password without authentication",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15068"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "VULHUB",
"id": "VHN-147077"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15068",
"trust": 2.5
},
{
"db": "TWCERT",
"id": "TVN-201908003",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1179",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-147077",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1179"
},
{
"db": "NVD",
"id": "CVE-2019-15068"
}
]
},
"id": "VAR-201909-0869",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-147077"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:33:45.589000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Smart Battery A4",
"trust": 0.8,
"url": "https://www.gigastone.com/EN/product/c/2/n/15"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "NVD",
"id": "CVE-2019-15068"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026id=45"
},
{
"trust": 1.7,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201908003"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15068"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15068"
},
{
"trust": 0.1,
"url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026amp;id=45"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1179"
},
{
"db": "NVD",
"id": "CVE-2019-15068"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-147077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1179"
},
{
"db": "NVD",
"id": "CVE-2019-15068"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-147077"
},
{
"date": "2019-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"date": "2019-09-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1179"
},
{
"date": "2019-09-25T19:15:10.563000",
"db": "NVD",
"id": "CVE-2019-15068"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-147077"
},
{
"date": "2019-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1179"
},
{
"date": "2024-11-21T04:27:59.363000",
"db": "NVD",
"id": "CVE-2019-15068"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1179"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Smart Battery A4 Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1179"
}
],
"trust": 0.6
}
}
VAR-201909-0870
Vulnerability from variot - Updated: 2024-11-23 22:16An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0870",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart battery a4",
"scope": "lte",
"trust": 1.0,
"vendor": "gigastone",
"version": "r1.7.9"
},
{
"model": "smart battery a4",
"scope": null,
"trust": 0.8,
"vendor": "gigastone",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "NVD",
"id": "CVE-2019-15069"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gigastone:smart_battery_a4_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
}
]
},
"cve": "CVE-2019-15069",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15069",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-147078",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15069",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15069",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15069",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-15069",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-1178",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-147078",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147078"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1178"
},
{
"db": "NVD",
"id": "CVE-2019-15069"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15069"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "VULHUB",
"id": "VHN-147078"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15069",
"trust": 2.5
},
{
"db": "TWCERT",
"id": "TVN-201908004",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1178",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-147078",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147078"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1178"
},
{
"db": "NVD",
"id": "CVE-2019-15069"
}
]
},
"id": "VAR-201909-0870",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-147078"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:16:49.842000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Smart Battery A4",
"trust": 0.8,
"url": "https://www.gigastone.com/EN/product/c/2/n/15"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147078"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "NVD",
"id": "CVE-2019-15069"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026id=46"
},
{
"trust": 1.7,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201908004"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15069"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15069"
},
{
"trust": 0.1,
"url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026amp;id=46"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147078"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1178"
},
{
"db": "NVD",
"id": "CVE-2019-15069"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-147078"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1178"
},
{
"db": "NVD",
"id": "CVE-2019-15069"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-147078"
},
{
"date": "2019-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"date": "2019-09-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1178"
},
{
"date": "2019-09-25T19:15:10.627000",
"db": "NVD",
"id": "CVE-2019-15069"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-147078"
},
{
"date": "2019-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1178"
},
{
"date": "2024-11-21T04:27:59.487000",
"db": "NVD",
"id": "CVE-2019-15069"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1178"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Smart Battery A4 Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1178"
}
],
"trust": 0.6
}
}
CVE-2019-15069 (GCVE-0-2019-15069)
Vulnerability from nvd – Published: 2019-09-25 18:10 – Updated: 2024-09-17 02:32
VLAI
Title
An unsafe authentication interface was discovered in Smart Battery A4
Summary
An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege.
Severity
No CVSS data available.
CWE
- unsafe authentication interface
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908004 | x_refsource_CONFIRM |
| https://www.twcert.org.tw/subpages/ServeThePublic… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gigastone | Smart Battery A4 |
Unknown:
Firmware , ≤ r1.7.9
(custom)
|
Date Public
2019-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Battery A4",
"vendor": "Gigastone",
"versions": [
{
"lessThanOrEqual": "r1.7.9",
"status": "unknown",
"version": "Firmware",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"datePublic": "2019-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unsafe authentication interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:10:15.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "An unsafe authentication interface was discovered in Smart Battery A4",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15069",
"STATE": "PUBLIC",
"TITLE": "An unsafe authentication interface was discovered in Smart Battery A4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A4",
"version": {
"version_data": [
{
"version_affected": "?\u003c=",
"version_name": "Firmware",
"version_value": "r1.7.9"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unsafe authentication interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15069",
"datePublished": "2019-09-25T18:10:15.721Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:32:36.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15068 (GCVE-0-2019-15068)
Vulnerability from nvd – Published: 2019-09-25 18:10 – Updated: 2024-09-16 21:02
VLAI
Title
A broken access control vulnerability discovered in Smart Battery A4
Summary
A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908003 | x_refsource_CONFIRM |
| https://www.twcert.org.tw/subpages/ServeThePublic… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gigastone | Smart Battery A4 |
Unknown:
Firmware , ≤ r1.7.9
(custom)
|
Date Public
2019-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Battery A4",
"vendor": "Gigastone",
"versions": [
{
"lessThanOrEqual": "r1.7.9",
"status": "unknown",
"version": "Firmware",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"datePublic": "2019-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:10:15.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A broken access control vulnerability discovered in Smart Battery A4",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15068",
"STATE": "PUBLIC",
"TITLE": "A broken access control vulnerability discovered in Smart Battery A4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A4",
"version": {
"version_data": [
{
"version_affected": "?\u003c=",
"version_name": "Firmware",
"version_value": "r1.7.9"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15068",
"datePublished": "2019-09-25T18:10:15.674Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:02:47.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15069 (GCVE-0-2019-15069)
Vulnerability from cvelistv5 – Published: 2019-09-25 18:10 – Updated: 2024-09-17 02:32
VLAI
Title
An unsafe authentication interface was discovered in Smart Battery A4
Summary
An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege.
Severity
No CVSS data available.
CWE
- unsafe authentication interface
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908004 | x_refsource_CONFIRM |
| https://www.twcert.org.tw/subpages/ServeThePublic… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gigastone | Smart Battery A4 |
Unknown:
Firmware , ≤ r1.7.9
(custom)
|
Date Public
2019-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Battery A4",
"vendor": "Gigastone",
"versions": [
{
"lessThanOrEqual": "r1.7.9",
"status": "unknown",
"version": "Firmware",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"datePublic": "2019-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unsafe authentication interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:10:15.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "An unsafe authentication interface was discovered in Smart Battery A4",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15069",
"STATE": "PUBLIC",
"TITLE": "An unsafe authentication interface was discovered in Smart Battery A4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A4",
"version": {
"version_data": [
{
"version_affected": "?\u003c=",
"version_name": "Firmware",
"version_value": "r1.7.9"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unsafe authentication interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15069",
"datePublished": "2019-09-25T18:10:15.721Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:32:36.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15068 (GCVE-0-2019-15068)
Vulnerability from cvelistv5 – Published: 2019-09-25 18:10 – Updated: 2024-09-16 21:02
VLAI
Title
A broken access control vulnerability discovered in Smart Battery A4
Summary
A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908003 | x_refsource_CONFIRM |
| https://www.twcert.org.tw/subpages/ServeThePublic… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gigastone | Smart Battery A4 |
Unknown:
Firmware , ≤ r1.7.9
(custom)
|
Date Public
2019-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Battery A4",
"vendor": "Gigastone",
"versions": [
{
"lessThanOrEqual": "r1.7.9",
"status": "unknown",
"version": "Firmware",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"datePublic": "2019-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:10:15.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A broken access control vulnerability discovered in Smart Battery A4",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15068",
"STATE": "PUBLIC",
"TITLE": "A broken access control vulnerability discovered in Smart Battery A4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A4",
"version": {
"version_data": [
{
"version_affected": "?\u003c=",
"version_name": "Firmware",
"version_value": "r1.7.9"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15068",
"datePublished": "2019-09-25T18:10:15.674Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:02:47.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}