Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
9 vulnerabilities by Gigastone
VAR-201909-0868
Vulnerability from variot - Updated: 2023-12-18 13:38An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page. Smart Battery A2-25DE Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0868",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart battery a2-25de",
"scope": "lte",
"trust": 1.0,
"vendor": "gigastone",
"version": "2013-10-16"
},
{
"model": "smart battery a2-25de",
"scope": null,
"trust": 0.8,
"vendor": "gigastone",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009985"
},
{
"db": "NVD",
"id": "CVE-2019-15067"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gigastone:smart_battery_a2-25de_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2013-10-16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gigastone:smart_battery_a2-25de:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15067"
}
]
},
"cve": "CVE-2019-15067",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-15067",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-147076",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15067",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15067",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-1177",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-147076",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147076"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009985"
},
{
"db": "NVD",
"id": "CVE-2019-15067"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1177"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?\u003c= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page. Smart Battery A2-25DE Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15067"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009985"
},
{
"db": "VULHUB",
"id": "VHN-147076"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15067",
"trust": 2.5
},
{
"db": "TWCERT",
"id": "TVN-201908002",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009985",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1177",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-147076",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147076"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009985"
},
{
"db": "NVD",
"id": "CVE-2019-15067"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1177"
}
]
},
"id": "VAR-201909-0868",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-147076"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:38:08.109000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Smart Battery A2-25DE",
"trust": 0.8,
"url": "https://www.gigastone.com/en/product/c/2/n2/29"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009985"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147076"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009985"
},
{
"db": "NVD",
"id": "CVE-2019-15067"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026id=44"
},
{
"trust": 1.7,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201908002"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15067"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15067"
},
{
"trust": 0.1,
"url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026amp;id=44"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147076"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009985"
},
{
"db": "NVD",
"id": "CVE-2019-15067"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1177"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-147076"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009985"
},
{
"db": "NVD",
"id": "CVE-2019-15067"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1177"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-147076"
},
{
"date": "2019-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009985"
},
{
"date": "2019-09-25T19:15:10.487000",
"db": "NVD",
"id": "CVE-2019-15067"
},
{
"date": "2019-09-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1177"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-147076"
},
{
"date": "2019-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009985"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-15067"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1177"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Smart Battery A2-25DE Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009985"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1177"
}
],
"trust": 0.6
}
}
VAR-201909-0870
Vulnerability from variot - Updated: 2023-12-18 13:02An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0870",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart battery a4",
"scope": "lte",
"trust": 1.0,
"vendor": "gigastone",
"version": "r1.7.9"
},
{
"model": "smart battery a4",
"scope": null,
"trust": 0.8,
"vendor": "gigastone",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "NVD",
"id": "CVE-2019-15069"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gigastone:smart_battery_a4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r1.7.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gigastone:smart_battery_a4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15069"
}
]
},
"cve": "CVE-2019-15069",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-15069",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-147078",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15069",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15069",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-1178",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-147078",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147078"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "NVD",
"id": "CVE-2019-15069"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1178"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15069"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "VULHUB",
"id": "VHN-147078"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15069",
"trust": 2.5
},
{
"db": "TWCERT",
"id": "TVN-201908004",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1178",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-147078",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147078"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "NVD",
"id": "CVE-2019-15069"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1178"
}
]
},
"id": "VAR-201909-0870",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-147078"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:02:04.217000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Smart Battery A4",
"trust": 0.8,
"url": "https://www.gigastone.com/en/product/c/2/n/15"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147078"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "NVD",
"id": "CVE-2019-15069"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026id=46"
},
{
"trust": 1.7,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201908004"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15069"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15069"
},
{
"trust": 0.1,
"url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026amp;id=46"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147078"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "NVD",
"id": "CVE-2019-15069"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1178"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-147078"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"db": "NVD",
"id": "CVE-2019-15069"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1178"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-147078"
},
{
"date": "2019-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"date": "2019-09-25T19:15:10.627000",
"db": "NVD",
"id": "CVE-2019-15069"
},
{
"date": "2019-09-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1178"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-147078"
},
{
"date": "2019-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009697"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-15069"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1178"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1178"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Smart Battery A4 Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009697"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1178"
}
],
"trust": 0.6
}
}
VAR-201909-0869
Vulnerability from variot - Updated: 2023-12-18 12:43A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Smart Battery A4 is a portable power supply device. An attacker could exploit this vulnerability to obtain/reset the administrator password without authentication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0869",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart battery a4",
"scope": "lte",
"trust": 1.0,
"vendor": "gigastone",
"version": "r1.7.9"
},
{
"model": "smart battery a4",
"scope": null,
"trust": 0.8,
"vendor": "gigastone",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "NVD",
"id": "CVE-2019-15068"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:gigastone:smart_battery_a4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r1.7.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:gigastone:smart_battery_a4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15068"
}
]
},
"cve": "CVE-2019-15068",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-15068",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-147077",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15068",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15068",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-1179",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-147077",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "NVD",
"id": "CVE-2019-15068"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1179"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication. Smart Battery A4 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Smart Battery A4 is a portable power supply device. An attacker could exploit this vulnerability to obtain/reset the administrator password without authentication",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15068"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "VULHUB",
"id": "VHN-147077"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15068",
"trust": 2.5
},
{
"db": "TWCERT",
"id": "TVN-201908003",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1179",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-147077",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "NVD",
"id": "CVE-2019-15068"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1179"
}
]
},
"id": "VAR-201909-0869",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-147077"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:43:18.005000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Smart Battery A4",
"trust": 0.8,
"url": "https://www.gigastone.com/en/product/c/2/n/15"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "NVD",
"id": "CVE-2019-15068"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026id=45"
},
{
"trust": 1.7,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201908003"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15068"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15068"
},
{
"trust": 0.1,
"url": "https://www.twcert.org.tw/subpages/servethepublic/public_document_details.aspx?lang=en-us\u0026amp;id=45"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "NVD",
"id": "CVE-2019-15068"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1179"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-147077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"db": "NVD",
"id": "CVE-2019-15068"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1179"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-147077"
},
{
"date": "2019-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"date": "2019-09-25T19:15:10.563000",
"db": "NVD",
"id": "CVE-2019-15068"
},
{
"date": "2019-09-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1179"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-147077"
},
{
"date": "2019-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009696"
},
{
"date": "2023-11-07T03:05:24.683000",
"db": "NVD",
"id": "CVE-2019-15068"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1179"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1179"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Smart Battery A4 Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009696"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1179"
}
],
"trust": 0.6
}
}
CVE-2019-15069 (GCVE-0-2019-15069)
Vulnerability from cvelistv5 – Published: 2019-09-25 18:10 – Updated: 2024-09-17 02:32
VLAI
Title
An unsafe authentication interface was discovered in Smart Battery A4
Summary
An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege.
Severity
No CVSS data available.
CWE
- unsafe authentication interface
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908004 | x_refsource_CONFIRM |
| https://www.twcert.org.tw/subpages/ServeThePublic… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gigastone | Smart Battery A4 |
Unknown:
Firmware , ≤ r1.7.9
(custom)
|
Date Public
2019-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Battery A4",
"vendor": "Gigastone",
"versions": [
{
"lessThanOrEqual": "r1.7.9",
"status": "unknown",
"version": "Firmware",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"datePublic": "2019-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unsafe authentication interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:10:15.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "An unsafe authentication interface was discovered in Smart Battery A4",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15069",
"STATE": "PUBLIC",
"TITLE": "An unsafe authentication interface was discovered in Smart Battery A4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A4",
"version": {
"version_data": [
{
"version_affected": "?\u003c=",
"version_name": "Firmware",
"version_value": "r1.7.9"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unsafe authentication interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15069",
"datePublished": "2019-09-25T18:10:15.721Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:32:36.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15068 (GCVE-0-2019-15068)
Vulnerability from cvelistv5 – Published: 2019-09-25 18:10 – Updated: 2024-09-16 21:02
VLAI
Title
A broken access control vulnerability discovered in Smart Battery A4
Summary
A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908003 | x_refsource_CONFIRM |
| https://www.twcert.org.tw/subpages/ServeThePublic… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gigastone | Smart Battery A4 |
Unknown:
Firmware , ≤ r1.7.9
(custom)
|
Date Public
2019-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Battery A4",
"vendor": "Gigastone",
"versions": [
{
"lessThanOrEqual": "r1.7.9",
"status": "unknown",
"version": "Firmware",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"datePublic": "2019-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:10:15.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A broken access control vulnerability discovered in Smart Battery A4",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15068",
"STATE": "PUBLIC",
"TITLE": "A broken access control vulnerability discovered in Smart Battery A4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A4",
"version": {
"version_data": [
{
"version_affected": "?\u003c=",
"version_name": "Firmware",
"version_value": "r1.7.9"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15068",
"datePublished": "2019-09-25T18:10:15.674Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:02:47.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15067 (GCVE-0-2019-15067)
Vulnerability from cvelistv5 – Published: 2019-09-25 18:10 – Updated: 2024-09-16 17:48
VLAI
Title
An authentication bypass vulnerability discovered in Smart Battery A2-25DE
Summary
An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908002 | x_refsource_CONFIRM |
| https://www.twcert.org.tw/subpages/ServeThePublic… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gigastone | Smart Battery A2-25DE |
Unknown:
Firmware , ≤ SECFS-2013-10-16-13:42:58-629c30ee-60c68be6
(custom)
|
Date Public
2019-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=44"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Battery A2-25DE",
"vendor": "Gigastone",
"versions": [
{
"lessThanOrEqual": "SECFS-2013-10-16-13:42:58-629c30ee-60c68be6",
"status": "unknown",
"version": "Firmware",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng, Julian Chen"
}
],
"datePublic": "2019-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?\u003c= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:10:15.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=44"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15067",
"STATE": "PUBLIC",
"TITLE": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A2-25DE",
"version": {
"version_data": [
{
"version_affected": "?\u003c=",
"version_name": "Firmware",
"version_value": "SECFS-2013-10-16-13:42:58-629c30ee-60c68be6"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng, Julian Chen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?\u003c= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908002",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908002"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=44",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=44"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15067",
"datePublished": "2019-09-25T18:10:15.597Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:48:11.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15067 (GCVE-0-2019-15067)
Vulnerability from nvd – Published: 2019-09-25 18:10 – Updated: 2024-09-16 17:48
VLAI
Title
An authentication bypass vulnerability discovered in Smart Battery A2-25DE
Summary
An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908002 | x_refsource_CONFIRM |
| https://www.twcert.org.tw/subpages/ServeThePublic… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gigastone | Smart Battery A2-25DE |
Unknown:
Firmware , ≤ SECFS-2013-10-16-13:42:58-629c30ee-60c68be6
(custom)
|
Date Public
2019-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=44"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Battery A2-25DE",
"vendor": "Gigastone",
"versions": [
{
"lessThanOrEqual": "SECFS-2013-10-16-13:42:58-629c30ee-60c68be6",
"status": "unknown",
"version": "Firmware",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng, Julian Chen"
}
],
"datePublic": "2019-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?\u003c= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:10:15.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=44"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15067",
"STATE": "PUBLIC",
"TITLE": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A2-25DE",
"version": {
"version_data": [
{
"version_affected": "?\u003c=",
"version_name": "Firmware",
"version_value": "SECFS-2013-10-16-13:42:58-629c30ee-60c68be6"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng, Julian Chen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?\u003c= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908002",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908002"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=44",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=44"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15067",
"datePublished": "2019-09-25T18:10:15.597Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:48:11.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15069 (GCVE-0-2019-15069)
Vulnerability from nvd – Published: 2019-09-25 18:10 – Updated: 2024-09-17 02:32
VLAI
Title
An unsafe authentication interface was discovered in Smart Battery A4
Summary
An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege.
Severity
No CVSS data available.
CWE
- unsafe authentication interface
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908004 | x_refsource_CONFIRM |
| https://www.twcert.org.tw/subpages/ServeThePublic… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gigastone | Smart Battery A4 |
Unknown:
Firmware , ≤ r1.7.9
(custom)
|
Date Public
2019-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Battery A4",
"vendor": "Gigastone",
"versions": [
{
"lessThanOrEqual": "r1.7.9",
"status": "unknown",
"version": "Firmware",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"datePublic": "2019-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unsafe authentication interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:10:15.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "An unsafe authentication interface was discovered in Smart Battery A4",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15069",
"STATE": "PUBLIC",
"TITLE": "An unsafe authentication interface was discovered in Smart Battery A4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A4",
"version": {
"version_data": [
{
"version_affected": "?\u003c=",
"version_name": "Firmware",
"version_value": "r1.7.9"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unsafe authentication interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=46"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15069",
"datePublished": "2019-09-25T18:10:15.721Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:32:36.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15068 (GCVE-0-2019-15068)
Vulnerability from nvd – Published: 2019-09-25 18:10 – Updated: 2024-09-16 21:02
VLAI
Title
A broken access control vulnerability discovered in Smart Battery A4
Summary
A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908003 | x_refsource_CONFIRM |
| https://www.twcert.org.tw/subpages/ServeThePublic… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gigastone | Smart Battery A4 |
Unknown:
Firmware , ≤ r1.7.9
(custom)
|
Date Public
2019-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Battery A4",
"vendor": "Gigastone",
"versions": [
{
"lessThanOrEqual": "r1.7.9",
"status": "unknown",
"version": "Firmware",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"datePublic": "2019-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:10:15.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A broken access control vulnerability discovered in Smart Battery A4",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15068",
"STATE": "PUBLIC",
"TITLE": "A broken access control vulnerability discovered in Smart Battery A4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A4",
"version": {
"version_data": [
{
"version_affected": "?\u003c=",
"version_name": "Firmware",
"version_value": "r1.7.9"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?\u003c= r1.7.9 allows an attacker to get/reset administrator\u2019s password without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US\u0026id=45"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15068",
"datePublished": "2019-09-25T18:10:15.674Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:02:47.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}