Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
13 vulnerabilities found for GPON by HiNET
VAR-201910-0921
Vulnerability from variot - Updated: 2023-12-18 13:23HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication. HiNet GPON There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan.
Chunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731 has a security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0921",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gpon",
"scope": "lt",
"trust": 1.8,
"vendor": "hinet",
"version": "i040gwr190731"
},
{
"model": "telecom chunghwa telecom hinet gpon \u003ci040gwr190731",
"scope": null,
"trust": 0.6,
"vendor": "chunghwa",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38471"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011097"
},
{
"db": "NVD",
"id": "CVE-2019-15064"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hinet:gpon_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "i040gwr190731",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hinet:gpon:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15064"
}
]
},
"cve": "CVE-2019-15064",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-15064",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-38471",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15064",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15064",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-38471",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1210",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38471"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011097"
},
{
"db": "NVD",
"id": "CVE-2019-15064"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1210"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HiNet GPON firmware version \u003c I040GWR190731 allows an attacker login to device without any authentication. HiNet GPON There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan. \n\nChunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731 has a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011097"
},
{
"db": "CNVD",
"id": "CNVD-2019-38471"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15064",
"trust": 3.0
},
{
"db": "TWCERT EN",
"id": "CP-128-3015-170FE-2",
"trust": 2.4
},
{
"db": "TWCERT",
"id": "TVN-201908007",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011097",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-38471",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1210",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38471"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011097"
},
{
"db": "NVD",
"id": "CVE-2019-15064"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1210"
}
]
},
"id": "VAR-201910-0921",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38471"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38471"
}
]
},
"last_update_date": "2023-12-18T13:23:31.477000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.hinet.net/"
},
{
"title": "Patch for Chunghwa Telecom HiNet GPON Access Control Vulnerability Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/188169"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38471"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011097"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011097"
},
{
"db": "NVD",
"id": "CVE-2019-15064"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15064"
},
{
"trust": 1.6,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201908007"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15064"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38471"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011097"
},
{
"db": "NVD",
"id": "CVE-2019-15064"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1210"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-38471"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011097"
},
{
"db": "NVD",
"id": "CVE-2019-15064"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1210"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38471"
},
{
"date": "2019-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011097"
},
{
"date": "2019-10-17T20:15:12.237000",
"db": "NVD",
"id": "CVE-2019-15064"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1210"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38471"
},
{
"date": "2019-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011097"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-15064"
},
{
"date": "2020-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1210"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1210"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HiNet GPON Firmware authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011097"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1210"
}
],
"trust": 0.6
}
}
VAR-201910-0923
Vulnerability from variot - Updated: 2023-12-18 13:13An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). HiNet GPON The firmware contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan.
A security vulnerability exists in Chunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0923",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gpon",
"scope": "lt",
"trust": 1.8,
"vendor": "hinet",
"version": "i040gwr190731"
},
{
"model": "telecom chunghwa telecom hinet gpon \u003ci040gwr190731",
"scope": null,
"trust": 0.6,
"vendor": "chunghwa",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38469"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011099"
},
{
"db": "NVD",
"id": "CVE-2019-15066"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hinet:gpon_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "i040gwr190731",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hinet:gpon:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15066"
}
]
},
"cve": "CVE-2019-15066",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-15066",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-38469",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "twcert@cert.org.tw",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15066",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15066",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "twcert@cert.org.tw",
"id": "CVE-2019-15066",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-38469",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1212",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38469"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011099"
},
{
"db": "NVD",
"id": "CVE-2019-15066"
},
{
"db": "NVD",
"id": "CVE-2019-15066"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1212"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). HiNet GPON The firmware contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan. \n\nA security vulnerability exists in Chunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15066"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011099"
},
{
"db": "CNVD",
"id": "CNVD-2019-38469"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15066",
"trust": 3.0
},
{
"db": "TWCERT EN",
"id": "CP-128-3017-FD6BC-2",
"trust": 2.4
},
{
"db": "TWCERT",
"id": "TVN-201908012",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011099",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-38469",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1212",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38469"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011099"
},
{
"db": "NVD",
"id": "CVE-2019-15066"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1212"
}
]
},
"id": "VAR-201910-0923",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38469"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38469"
}
]
},
"last_update_date": "2023-12-18T13:13:13.976000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.hinet.net/"
},
{
"title": "Patch for Chunghwa Telecom HiNet GPON Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/188163"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38469"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011099"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011099"
},
{
"db": "NVD",
"id": "CVE-2019-15066"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15066"
},
{
"trust": 1.6,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201908012"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15066"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38469"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011099"
},
{
"db": "NVD",
"id": "CVE-2019-15066"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1212"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-38469"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011099"
},
{
"db": "NVD",
"id": "CVE-2019-15066"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1212"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38469"
},
{
"date": "2019-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011099"
},
{
"date": "2019-10-17T20:15:12.397000",
"db": "NVD",
"id": "CVE-2019-15066"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1212"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38469"
},
{
"date": "2019-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011099"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-15066"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1212"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1212"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HiNet GPON Vulnerability related to input validation in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011099"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1212"
}
],
"trust": 0.6
}
}
VAR-201910-0922
Vulnerability from variot - Updated: 2023-12-18 12:56A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). HiNet GPON Firmware contains an information disclosure vulnerability.Information may be obtained. Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan.
A security vulnerability exists in Chunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0922",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gpon",
"scope": "lt",
"trust": 1.8,
"vendor": "hinet",
"version": "i040gwr190731"
},
{
"model": "gpon",
"scope": "eq",
"trust": 1.2,
"vendor": "hinet",
"version": null
},
{
"model": "telecom chunghwa telecom hinet gpon \u003ci040gwr190731",
"scope": null,
"trust": 0.6,
"vendor": "chunghwa",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38470"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011098"
},
{
"db": "NVD",
"id": "CVE-2019-15065"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1211"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hinet:gpon_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "i040gwr190731",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hinet:gpon:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15065"
}
]
},
"cve": "CVE-2019-15065",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-15065",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-38470",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "twcert@cert.org.tw",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15065",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15065",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "twcert@cert.org.tw",
"id": "CVE-2019-15065",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-38470",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1211",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38470"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011098"
},
{
"db": "NVD",
"id": "CVE-2019-15065"
},
{
"db": "NVD",
"id": "CVE-2019-15065"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1211"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A service which is hosted on port 6998 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). HiNet GPON Firmware contains an information disclosure vulnerability.Information may be obtained. Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan. \n\nA security vulnerability exists in Chunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15065"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011098"
},
{
"db": "CNVD",
"id": "CNVD-2019-38470"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15065",
"trust": 3.0
},
{
"db": "TWCERT EN",
"id": "CP-128-3016-B0E90-2",
"trust": 2.4
},
{
"db": "TWCERT",
"id": "TVN-201908011",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011098",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-38470",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1211",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38470"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011098"
},
{
"db": "NVD",
"id": "CVE-2019-15065"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1211"
}
]
},
"id": "VAR-201910-0922",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38470"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38470"
}
]
},
"last_update_date": "2023-12-18T12:56:21.192000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.hinet.net/"
},
{
"title": "Patch for Chunghwa Telecom HiNet GPON Arbitrary File Read Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/188165"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38470"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011098"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011098"
},
{
"db": "NVD",
"id": "CVE-2019-15065"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15065"
},
{
"trust": 1.6,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201908011"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15065"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38470"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011098"
},
{
"db": "NVD",
"id": "CVE-2019-15065"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1211"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-38470"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011098"
},
{
"db": "NVD",
"id": "CVE-2019-15065"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1211"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38470"
},
{
"date": "2019-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011098"
},
{
"date": "2019-10-17T20:15:12.300000",
"db": "NVD",
"id": "CVE-2019-15065"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1211"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38470"
},
{
"date": "2019-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011098"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-15065"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1211"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1211"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HiNet GPON Information disclosure vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011098"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1211"
}
],
"trust": 0.6
}
}
CVE-2019-15065 (GCVE-0-2019-15065)
Vulnerability from cvelistv5 – Published: 2019-10-17 19:23 – Updated: 2024-09-16 23:31
VLAI
Title
A vulnerability was discovered in HiNet GPON firmware < I040GWR190731 that allows an attacker to read arbitrary files
Summary
A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).
Severity
9.3 (Critical)
CWE
- read arbitrary files
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908011 | x_refsource_CONFIRM |
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware \u003c I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A service which is hosted on port 6998 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "read arbitrary files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:23:13.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908011"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 that allows an attacker to read arbitrary files",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-15065",
"STATE": "PUBLIC",
"TITLE": "A vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 that allows an attacker to read arbitrary files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware \u003c I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A service which is hosted on port 6998 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "read arbitrary files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908011",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908011"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15065",
"datePublished": "2019-10-17T19:23:13.111Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:31:24.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15066 (GCVE-0-2019-15066)
Vulnerability from cvelistv5 – Published: 2019-10-17 19:22 – Updated: 2024-09-16 16:48
VLAI
Title
A remote command execution vulnerability was discovered in HiNet GPON firmware < I040GWR190731 port 6998
Summary
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Severity
10 (Critical)
CWE
- execute arbitrary command
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908012 | x_refsource_CONFIRM |
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware \u003c I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "execute arbitrary command",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:22:14.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908012"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A remote command execution vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 port 6998",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-15066",
"STATE": "PUBLIC",
"TITLE": "A remote command execution vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 port 6998"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware \u003c I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "execute arbitrary command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908012",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908012"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15066",
"datePublished": "2019-10-17T19:22:14.824Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:48:07.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13412 (GCVE-0-2019-13412)
Vulnerability from cvelistv5 – Published: 2019-10-17 19:21 – Updated: 2024-09-16 21:02
VLAI
Title
A vulnerability was discovered in HiNet GPON firmware < I040GWR190731 that allows an attacker to read arbitrary files
Summary
A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).
Severity
9.3 (Critical)
CWE
- read arbitrary files
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908006 | x_refsource_CONFIRM |
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware \u003c I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A service which is hosted on port 3097 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "read arbitrary files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:21:13.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 that allows an attacker to read arbitrary files",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-13412",
"STATE": "PUBLIC",
"TITLE": "A vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 that allows an attacker to read arbitrary files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware \u003c I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A service which is hosted on port 3097 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "read arbitrary files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13412",
"datePublished": "2019-10-17T19:21:13.687Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:02:20.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15064 (GCVE-0-2019-15064)
Vulnerability from cvelistv5 – Published: 2019-10-17 19:19 – Updated: 2024-09-16 19:01
VLAI
Title
HiNet GPON firmware version < I040GWR190731 allows a user login to device without any authentication
Summary
HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908007 | x_refsource_CONFIRM |
Impacted products
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware version \u003c I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiNet GPON firmware version \u003c I040GWR190731 allows an attacker login to device without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:19:53.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HiNet GPON firmware version \u003c I040GWR190731 allows a user login to device without any authentication",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-15064",
"STATE": "PUBLIC",
"TITLE": "HiNet GPON firmware version \u003c I040GWR190731 allows a user login to device without any authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware version \u003c I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiNet GPON firmware version \u003c I040GWR190731 allows an attacker login to device without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908007",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908007"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15064",
"datePublished": "2019-10-17T19:19:53.093Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:01:42.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13411 (GCVE-0-2019-13411)
Vulnerability from cvelistv5 – Published: 2019-10-17 17:42 – Updated: 2024-09-16 23:27
VLAI
Title
A remote command execution vulnerability was discovered in HiNet GPON firmware < I040GWR190731 port 3097
Summary
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Severity
10 (Critical)
CWE
- execute arbitrary command
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908005 | x_refsource_CONFIRM |
Impacted products
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware before I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "execute arbitrary command",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T17:42:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908005"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A remote command execution vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 port 3097",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-13411",
"STATE": "PUBLIC",
"TITLE": "A remote command execution vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 port 3097"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware before I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "execute arbitrary command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908005",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908005"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13411",
"datePublished": "2019-10-17T17:42:23.854Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:27:00.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15065 (GCVE-0-2019-15065)
Vulnerability from nvd – Published: 2019-10-17 19:23 – Updated: 2024-09-16 23:31
VLAI
Title
A vulnerability was discovered in HiNet GPON firmware < I040GWR190731 that allows an attacker to read arbitrary files
Summary
A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).
Severity
9.3 (Critical)
CWE
- read arbitrary files
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908011 | x_refsource_CONFIRM |
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware \u003c I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A service which is hosted on port 6998 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "read arbitrary files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:23:13.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908011"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 that allows an attacker to read arbitrary files",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-15065",
"STATE": "PUBLIC",
"TITLE": "A vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 that allows an attacker to read arbitrary files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware \u003c I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A service which is hosted on port 6998 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "read arbitrary files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908011",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908011"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15065",
"datePublished": "2019-10-17T19:23:13.111Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:31:24.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15066 (GCVE-0-2019-15066)
Vulnerability from nvd – Published: 2019-10-17 19:22 – Updated: 2024-09-16 16:48
VLAI
Title
A remote command execution vulnerability was discovered in HiNet GPON firmware < I040GWR190731 port 6998
Summary
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Severity
10 (Critical)
CWE
- execute arbitrary command
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908012 | x_refsource_CONFIRM |
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware \u003c I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "execute arbitrary command",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:22:14.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908012"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A remote command execution vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 port 6998",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-15066",
"STATE": "PUBLIC",
"TITLE": "A remote command execution vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 port 6998"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware \u003c I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "execute arbitrary command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908012",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908012"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15066",
"datePublished": "2019-10-17T19:22:14.824Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:48:07.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13412 (GCVE-0-2019-13412)
Vulnerability from nvd – Published: 2019-10-17 19:21 – Updated: 2024-09-16 21:02
VLAI
Title
A vulnerability was discovered in HiNet GPON firmware < I040GWR190731 that allows an attacker to read arbitrary files
Summary
A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).
Severity
9.3 (Critical)
CWE
- read arbitrary files
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908006 | x_refsource_CONFIRM |
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware \u003c I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A service which is hosted on port 3097 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "read arbitrary files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:21:13.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 that allows an attacker to read arbitrary files",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-13412",
"STATE": "PUBLIC",
"TITLE": "A vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 that allows an attacker to read arbitrary files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware \u003c I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A service which is hosted on port 3097 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "read arbitrary files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13412",
"datePublished": "2019-10-17T19:21:13.687Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:02:20.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15064 (GCVE-0-2019-15064)
Vulnerability from nvd – Published: 2019-10-17 19:19 – Updated: 2024-09-16 19:01
VLAI
Title
HiNet GPON firmware version < I040GWR190731 allows a user login to device without any authentication
Summary
HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908007 | x_refsource_CONFIRM |
Impacted products
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware version \u003c I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiNet GPON firmware version \u003c I040GWR190731 allows an attacker login to device without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:19:53.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HiNet GPON firmware version \u003c I040GWR190731 allows a user login to device without any authentication",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-15064",
"STATE": "PUBLIC",
"TITLE": "HiNet GPON firmware version \u003c I040GWR190731 allows a user login to device without any authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware version \u003c I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiNet GPON firmware version \u003c I040GWR190731 allows an attacker login to device without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908007",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908007"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15064",
"datePublished": "2019-10-17T19:19:53.093Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:01:42.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13411 (GCVE-0-2019-13411)
Vulnerability from nvd – Published: 2019-10-17 17:42 – Updated: 2024-09-16 23:27
VLAI
Title
A remote command execution vulnerability was discovered in HiNet GPON firmware < I040GWR190731 port 3097
Summary
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Severity
10 (Critical)
CWE
- execute arbitrary command
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908005 | x_refsource_CONFIRM |
Impacted products
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware before I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "execute arbitrary command",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T17:42:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908005"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A remote command execution vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 port 3097",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-13411",
"STATE": "PUBLIC",
"TITLE": "A remote command execution vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 port 3097"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware before I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "execute arbitrary command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908005",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908005"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13411",
"datePublished": "2019-10-17T17:42:23.854Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:27:00.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}