CVE-2019-11061 (GCVE-0-2019-11061)

Vulnerability from cvelistv5 – Published: 2019-08-29 00:18 – Updated: 2024-09-16 20:22
VLAI
Title
HG100 has a broken access control vulnerability in its Web API Server
Summary
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Severity
10 (Critical)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
  • Boken Access Control
Assigner
References
Impacted products
Vendor Product Version
ASUS HG100 firmware Affected: up to 4.00.0.6
Create a notification for this product.
Date Public
2019-08-20 00:00
Credits
timhuang
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:16.125Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://surl.twcert.org.tw/5df6x"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HG100 firmware",
          "vendor": "ASUS",
          "versions": [
            {
              "status": "affected",
              "version": "up to 4.00.0.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "timhuang"
        }
      ],
      "datePublic": "2019-08-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Boken Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-04T12:36:03.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://surl.twcert.org.tw/5df6x"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "HG100 has a broken access control vulnerability in its Web API Server",
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
          "ID": "CVE-2019-11061",
          "STATE": "PUBLIC",
          "TITLE": "HG100 has a broken access control vulnerability in its Web API Server"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HG100 firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "up to 4.00.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ASUS"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "timhuang"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Boken Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906003",
              "refsource": "CONFIRM",
              "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906003"
            },
            {
              "name": "http://surl.twcert.org.tw/5df6x",
              "refsource": "CONFIRM",
              "url": "http://surl.twcert.org.tw/5df6x"
            },
            {
              "name": "https://github.com/tim124058/ASUS-SmartHome-Exploit/",
              "refsource": "CONFIRM",
              "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2019-11061",
    "datePublished": "2019-08-29T00:18:59.682Z",
    "dateReserved": "2019-04-09T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:22:13.629Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-11061",
      "date": "2026-05-27",
      "epss": "0.11613",
      "percentile": "0.9375"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-11061\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2019-08-29T01:15:10.930\",\"lastModified\":\"2024-11-21T04:20:27.743\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de control de acceso interrumpida en las versiones de firmware HG100 hasta 4.00.06 permite que un atacante en la misma red de \u00e1rea local controle dispositivos IoT que se conectan a s\u00ed mismos mediante http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 Puntuaci\u00f3n Base 10 (Impactos de Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":4.8,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:hg100_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.00.09\",\"matchCriteriaId\":\"5B3A41D7-B16C-4FA5-89A3-BF761FEF8444\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:hg100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFEFB004-6477-408B-A114-8ABCA8AC8D19\"}]}]}],\"references\":[{\"url\":\"http://surl.twcert.org.tw/5df6x\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/tim124058/ASUS-SmartHome-Exploit/\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://tvn.twcert.org.tw/taiwanvn/TVN-201906003\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://surl.twcert.org.tw/5df6x\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/tim124058/ASUS-SmartHome-Exploit/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://tvn.twcert.org.tw/taiwanvn/TVN-201906003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.