Find a vulnerability
Search criteria
2 vulnerabilities by comba
VAR-202003-0623
Vulnerability from variot - Updated: 2024-11-23 22:44Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real value, i.e., md5(md5(value)). Comba AP2600-I Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. Comba Telecom AP2600-I is a wireless access point device from India's Comba Telecom.
Comba Telecom AP2600-I devices A02,0202N00PD2 and previous versions have security vulnerabilities that remote attackers can use to make special requests to exploit the vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0623",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ap2600-i - a02 - 0202n00pd2",
"scope": "eq",
"trust": 1.0,
"vendor": "comba",
"version": "*"
},
{
"model": "ap2600-i - a02 - 0202n00pd2",
"scope": null,
"trust": 0.8,
"vendor": "comba",
"version": null
},
{
"model": "telecom ap2600-i devices a02",
"scope": null,
"trust": 0.6,
"vendor": "comba",
"version": null
},
{
"model": "telecom ap2600-i devices \u003c=0202n00pd2",
"scope": null,
"trust": 0.6,
"vendor": "comba",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22256"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015140"
},
{
"db": "NVD",
"id": "CVE-2019-15653"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:comba:ap2600-i_-_a02_-_0202n00pd2_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015140"
}
]
},
"cve": "CVE-2019-15653",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15653",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015140",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-22256",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15653",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015140",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15653",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-015140",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-22256",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1191",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-15653",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22256"
},
{
"db": "VULMON",
"id": "CVE-2019-15653"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015140"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1191"
},
{
"db": "NVD",
"id": "CVE-2019-15653"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real value, i.e., md5(md5(value)). Comba AP2600-I Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. Comba Telecom AP2600-I is a wireless access point device from India\u0027s Comba Telecom. \n\r\n\r\nComba Telecom AP2600-I devices A02,0202N00PD2 and previous versions have security vulnerabilities that remote attackers can use to make special requests to exploit the vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15653"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015140"
},
{
"db": "CNVD",
"id": "CNVD-2020-22256"
},
{
"db": "VULMON",
"id": "CVE-2019-15653"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15653",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015140",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22256",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1191",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-15653",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22256"
},
{
"db": "VULMON",
"id": "CVE-2019-15653"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015140"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1191"
},
{
"db": "NVD",
"id": "CVE-2019-15653"
}
]
},
"id": "VAR-202003-0623",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22256"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22256"
}
]
},
"last_update_date": "2024-11-23T22:44:38.972000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PRESS ROOM",
"trust": 0.8,
"url": "https://www.comba-telecom.com/en/news"
},
{
"title": "WordPressRedTeam_BlueTeam",
"trust": 0.1,
"url": "https://github.com/joshgarlandreese/WordPressRedTeam_BlueTeam "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/nmuhammad22/UPennFinalProject "
},
{
"title": "WordPressRedTeam_BlueTeam",
"trust": 0.1,
"url": "https://github.com/joshgarlandreese/WordPressRedTeam "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-15653"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015140"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.8
},
{
"problemtype": "CWE-311",
"trust": 1.0
},
{
"problemtype": "CWE-327",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015140"
},
{
"db": "NVD",
"id": "CVE-2019-15653"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15653"
},
{
"trust": 1.7,
"url": "https://www.comba-telecom.com/en/news"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15653"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/311.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/joshgarlandreese/wordpressredteam_blueteam"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22256"
},
{
"db": "VULMON",
"id": "CVE-2019-15653"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015140"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1191"
},
{
"db": "NVD",
"id": "CVE-2019-15653"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22256"
},
{
"db": "VULMON",
"id": "CVE-2019-15653"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015140"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1191"
},
{
"db": "NVD",
"id": "CVE-2019-15653"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22256"
},
{
"date": "2020-03-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15653"
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015140"
},
{
"date": "2020-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1191"
},
{
"date": "2020-03-19T18:15:13.647000",
"db": "NVD",
"id": "CVE-2019-15653"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22256"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15653"
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015140"
},
{
"date": "2020-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1191"
},
{
"date": "2024-11-21T04:29:12.590000",
"db": "NVD",
"id": "CVE-2019-15653"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1191"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Comba AP2600-I Inadequate protection of credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015140"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1191"
}
],
"trust": 0.6
}
}
VAR-202003-0624
Vulnerability from variot - Updated: 2024-11-23 22:41Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext. Comba AP2600-I Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. Comba Telecom AP2600-I is a wireless access point device from India's Comba Telecom.
The upcfgAction.php file in Comba Telecom AP2600-I devices A02,0202N00PD2 and previous versions has a security vulnerability, and remote attackers can use the special request to use the vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0624",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac2400",
"scope": "eq",
"trust": 1.0,
"vendor": "comba",
"version": "*"
},
{
"model": "ap2600-i - a02 - 0202n00pd2",
"scope": null,
"trust": 0.8,
"vendor": "comba",
"version": null
},
{
"model": "telecom ap2600-i devices a02",
"scope": null,
"trust": 0.6,
"vendor": "comba",
"version": null
},
{
"model": "telecom ap2600-i devices \u003c=0202n00pd2",
"scope": null,
"trust": 0.6,
"vendor": "comba",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22257"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015141"
},
{
"db": "NVD",
"id": "CVE-2019-15654"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:comba:ap2600-i_-_a02_-_0202n00pd2_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015141"
}
]
},
"cve": "CVE-2019-15654",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15654",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015141",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-22257",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15654",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015141",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15654",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-015141",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-22257",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1192",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-15654",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22257"
},
{
"db": "VULMON",
"id": "CVE-2019-15654"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015141"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1192"
},
{
"db": "NVD",
"id": "CVE-2019-15654"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn\u0027t require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext. Comba AP2600-I Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. Comba Telecom AP2600-I is a wireless access point device from India\u0027s Comba Telecom. \n\r\n\r\nThe upcfgAction.php file in Comba Telecom AP2600-I devices A02,0202N00PD2 and previous versions has a security vulnerability, and remote attackers can use the special request to use the vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15654"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015141"
},
{
"db": "CNVD",
"id": "CNVD-2020-22257"
},
{
"db": "VULMON",
"id": "CVE-2019-15654"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15654",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015141",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22257",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1192",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-15654",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22257"
},
{
"db": "VULMON",
"id": "CVE-2019-15654"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015141"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1192"
},
{
"db": "NVD",
"id": "CVE-2019-15654"
}
]
},
"id": "VAR-202003-0624",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22257"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22257"
}
]
},
"last_update_date": "2024-11-23T22:41:09.471000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PRESS ROOM",
"trust": 0.8,
"url": "https://www.comba-telecom.com/en/news"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-15654 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-15654"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015141"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-522",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015141"
},
{
"db": "NVD",
"id": "CVE-2019-15654"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15654"
},
{
"trust": 1.7,
"url": "https://www.comba-telecom.com/en/news"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15654"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-15654"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22257"
},
{
"db": "VULMON",
"id": "CVE-2019-15654"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015141"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1192"
},
{
"db": "NVD",
"id": "CVE-2019-15654"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22257"
},
{
"db": "VULMON",
"id": "CVE-2019-15654"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015141"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1192"
},
{
"db": "NVD",
"id": "CVE-2019-15654"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22257"
},
{
"date": "2020-03-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15654"
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015141"
},
{
"date": "2020-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1192"
},
{
"date": "2020-03-19T18:15:13.740000",
"db": "NVD",
"id": "CVE-2019-15654"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22257"
},
{
"date": "2023-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15654"
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015141"
},
{
"date": "2023-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1192"
},
{
"date": "2024-11-21T04:29:12.750000",
"db": "NVD",
"id": "CVE-2019-15654"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1192"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Comba AP2600-I Inadequate protection of credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015141"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1192"
}
],
"trust": 0.6
}
}