FKIE_CVE-2019-13473

Vulnerability from fkie_nvd - Published: 2019-09-11 19:15 - Updated: 2024-11-21 04:24
Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access.
References
cve@mitre.orghttp://packetstormsecurity.com/files/154416/Dabman-And-Imperial-Web-Radio-Devices-Undocumented-Telnet-Backdoor.htmlExploit, Third Party Advisory, VDB Entry
cve@mitre.orghttp://packetstormsecurity.com/files/174503/Internet-Radio-auna-IR-160-SE-UIProto-DoS-XSS-Missing-Authentication.html
cve@mitre.orghttp://seclists.org/fulldisclosure/2023/Sep/1
cve@mitre.orghttps://www.vulnerability-lab.com/get_content.php?id=2183Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/154416/Dabman-And-Imperial-Web-Radio-Devices-Undocumented-Telnet-Backdoor.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/174503/Internet-Radio-auna-IR-160-SE-UIProto-DoS-XSS-Missing-Authentication.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2023/Sep/1
af854a3a-2127-422b-91ae-364da2661108https://www.vulnerability-lab.com/get_content.php?id=2183Exploit, Third Party Advisory
Impacted products
Vendor Product Version
telestar bobs_rock_radio_firmware -
telestar bobs_rock_radio -
telestar dabman_d10_firmware -
telestar dabman_d10 -
telestar dabman_i30_stereo_firmware -
telestar dabman_i30_stereo -
telestar imperial_i110_firmware -
telestar imperial_i110 -
telestar imperial_i150_firmware -
telestar imperial_i150 -
telestar imperial_i200_firmware -
telestar imperial_i200 -
telestar imperial_i200-cd_firmware -
telestar imperial_i200-cd -
telestar imperial_i400_firmware -
telestar imperial_i400 -
telestar imperial_i450_firmware -
telestar imperial_i450 -
telestar imperial_i500-bt_firmware -
telestar imperial_i500-bt -
telestar imperial_i600_firmware -
telestar imperial_i600 -
auna connect_100_firmware -
auna connect_100 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telestar:bobs_rock_radio_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E17F5D40-3E6A-4C0B-8F28-5D96F45FE273",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telestar:bobs_rock_radio:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF18181F-B99B-483C-B779-38C2C84179D0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telestar:dabman_d10_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68DFF28E-E5AA-4047-AF18-A80A15EC6CEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telestar:dabman_d10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3FE4C9-6A4D-4919-9843-CCC1CB26D67A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telestar:dabman_i30_stereo_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "254CA4AF-3CC3-4CDA-AAF5-88835F6B6BFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telestar:dabman_i30_stereo:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65031EB4-579B-4E6D-9066-27756D021F4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telestar:imperial_i110_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89245799-021A-4D8B-8539-B705BDB39E9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telestar:imperial_i110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC789F3B-1D46-4646-A798-8ABF326E772E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telestar:imperial_i150_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2626170-1D7F-4B16-B6D9-D3015E2444E0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telestar:imperial_i150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "478E93CC-8681-4307-ABBD-1C036FBC61A4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telestar:imperial_i200_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91ADE9C-14DF-44F8-8310-6657482C365D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telestar:imperial_i200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E20E36FC-CD25-4E84-BB9E-E3225C26252A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telestar:imperial_i200-cd_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B9F1D2-9A67-43E3-B0F2-ED657E3444F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telestar:imperial_i200-cd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3584EFD9-E2F5-4DD2-8CB0-F4F70A095B2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telestar:imperial_i400_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C4CBB3-EE19-41FC-BD5C-22B5828D7BE4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telestar:imperial_i400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F084C2EF-EDB5-444E-B41C-3D09C844C99D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telestar:imperial_i450_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70788B50-9E5E-4246-A79D-67C0F3BFEF2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telestar:imperial_i450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BE2E73A-6C2A-4EE1-ADB3-B91A86BE1138",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telestar:imperial_i500-bt_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B6A1C7-E1AB-4B3C-A074-978F147F9A2B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telestar:imperial_i500-bt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B854016E-329B-470C-B0AA-6C45109EA81A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:telestar:imperial_i600_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "414960F2-B667-4949-9534-15C0D71D77DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:telestar:imperial_i600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E80EDE7-635A-41A9-93FD-17C3D773C3DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:auna:connect_100_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C005B276-EA66-4AF2-AA7B-5F0F583D4B54",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:auna:connect_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ADFE934-5C1E-4640-97D0-923A647D4A2D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access."
    },
    {
      "lang": "es",
      "value": "TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt e Imperial i600 TN81HH96-g102h-g102, poseen un servicio TELNET no documentado dentro del subsistema BusyBox, conllevando al acceso root."
    }
  ],
  "id": "CVE-2019-13473",
  "lastModified": "2024-11-21T04:24:58.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-11T19:15:11.593",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154416/Dabman-And-Imperial-Web-Radio-Devices-Undocumented-Telnet-Backdoor.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/174503/Internet-Radio-auna-IR-160-SE-UIProto-DoS-XSS-Missing-Authentication.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2023/Sep/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vulnerability-lab.com/get_content.php?id=2183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154416/Dabman-And-Imperial-Web-Radio-Devices-Undocumented-Telnet-Backdoor.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/174503/Internet-Radio-auna-IR-160-SE-UIProto-DoS-XSS-Missing-Authentication.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2023/Sep/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vulnerability-lab.com/get_content.php?id=2183"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.