cvelistv5 - cve-2019-6005

CVE-2019-6005 (GCVE-0-2019-6005)

Vulnerability from cvelistv5

Published

2019-09-12 15:58

Modified

2024-08-04 20:09

Severity ?

CWE

Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP.

Summary

References

URL

	Vendor	Product	Version
	Smart TV Box	firmware version prior to 1300	Version: remote attackers

fkie_cve-2019-6005

Vulnerability from fkie_nvd

Published

2019-09-12 17:15

Modified

2024-11-21 04:45

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN17127920/index.html	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN17127920/index.html	Third Party Advisory

Impacted products

	Vendor	Product	Version
	kddi	smart_tv_box_firmware	*
	kddi	smart_tv_box	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:kddi:smart_tv_box_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3571CD37-DFA6-4763-9B43-8DA632FBBEC9",
              "versionEndExcluding": "1300",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:kddi:smart_tv_box:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A75F58C1-922E-40EE-8702-D8CFB9CF06B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user\u0027s intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP."
    },
    {
      "lang": "es",
      "value": "Smart TV Box versi\u00f3n de firmware anterior a 1300, permite a atacantes remotos omitir la restricci\u00f3n de acceso para conducir operaciones arbitrarias sobre el dispositivo sin la intenci\u00f3n del usuario, como instalar un software arbitrario o cambiar la configuraci\u00f3n del dispositivo por medio del puerto 5555/TCP de Android Debug Bridge."
    }
  ],
  "id": "CVE-2019-6005",
  "lastModified": "2024-11-21T04:45:54.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-12T17:15:14.500",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN17127920/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN17127920/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2019-6005

Vulnerability from jvndb

Published

2019-08-23 15:57

Modified

2019-10-08 17:35

Severity ?

7.3 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

Smart TV Box fails to restrict access permissions

Details

Smart TV Box provided by KDDI CORPORATION enables access to Android Debug Bridge via port 5555/TCP of LAN side interface. When a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN side interface of Smart TV Box is disabled. However if the original setting is changed later, for example, LAN side interface connection to internet directly is enabled, access to Android Debug Bridge via port 5555/TCP of LAN side interface becomes enabled. As a result, arbitrary operations without users intent becomes possible, and a remote attacker may conduct arbitrary operations on the device. Yoshiki Mori and Masaki Kubo of Cybersecurity Laboratory, National Institute of Information and Communications Technology reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN17127920/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6005
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-6005
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

KDDI

Smart TV Box

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000053.html",
  "dc:date": "2019-10-08T17:35+09:00",
  "dcterms:issued": "2019-08-23T15:57+09:00",
  "dcterms:modified": "2019-10-08T17:35+09:00",
  "description": "Smart TV Box provided by KDDI CORPORATION enables access to Android Debug Bridge via port 5555/TCP of LAN side interface.\r\nWhen a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN side interface of Smart TV Box is disabled.  However if the original setting is changed later, for example, LAN side interface connection to internet directly is enabled, access to Android Debug Bridge via port 5555/TCP of LAN side interface becomes enabled.  As a result, arbitrary operations without users intent becomes possible, and a remote attacker may conduct arbitrary operations on the device.\r\n\r\nYoshiki Mori and Masaki Kubo of Cybersecurity Laboratory, National Institute of Information and Communications Technology reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000053.html",
  "sec:cpe": {
    "#text": "cpe:/o:kddi:smart_tv_box_firmware",
    "@product": "Smart TV Box",
    "@vendor": "KDDI",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.3",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000053",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN17127920/index.html",
      "@id": "JVN#17127920",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6005",
      "@id": "CVE-2019-6005",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6005",
      "@id": "CVE-2019-6005",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Smart TV Box fails to restrict access permissions"
}

cnvd-2019-29564

Vulnerability from cnvd

Title

KDDI Smart TV Box访问控制错误漏洞

Description

KDDI Smart TV Box是日本KDDI公司的一款智能电视盒子。使用1300之前版本固件的KDDI Smart TV Box中存在访问控制错误漏洞，该漏洞源于程序未能限制访问权限，远程攻击者可利用该漏洞在设备上执行任意操作。

Severity

中

Patch Name

KDDI Smart TV Box访问控制错误漏洞的补丁

Patch Description

KDDI Smart TV Box是日本KDDI公司的一款智能电视盒子。使用1300之前版本固件的KDDI Smart TV Box中存在访问控制错误漏洞，该漏洞源于程序未能限制访问权限，远程攻击者可利用该漏洞在设备上执行任意操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.kddi.com

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6005

Impacted products

Name
KDDI Smart TV Box <1300

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6005",
      "cveUrl": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6005"
    }
  },
  "description": "KDDI Smart TV Box\u662f\u65e5\u672cKDDI\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u7535\u89c6\u76d2\u5b50\u3002\n\n\u4f7f\u75281300\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684KDDI Smart TV Box\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9650\u5236\u8bbf\u95ee\u6743\u9650\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u8bbe\u5907\u4e0a\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.kddi.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-29564",
  "openTime": "2019-08-30",
  "patchDescription": "KDDI Smart TV Box\u662f\u65e5\u672cKDDI\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u7535\u89c6\u76d2\u5b50\u3002\r\n\r\n\u4f7f\u75281300\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684KDDI Smart TV Box\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9650\u5236\u8bbf\u95ee\u6743\u9650\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u8bbe\u5907\u4e0a\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "KDDI Smart TV Box\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "KDDI Smart TV Box \u003c1300"
  },
  "referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6005",
  "serverity": "\u4e2d",
  "submitTime": "2019-08-23",
  "title": "KDDI Smart TV Box\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

var-201909-0036

Vulnerability from variot

Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP. When a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN side interface of Smart TV Box is disabled. However if the original setting is changed later, for example, LAN side interface connection to internet directly is enabled, access to Android Debug Bridge via port 5555/TCP of LAN side interface becomes enabled. Yoshiki Mori and Masaki Kubo of Cybersecurity Laboratory, National Institute of Information and Communications Technology reported this vulnerability to IPA

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0036",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "smart tv box",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "kddi",
        "version": "1300"
      },
      {
        "model": "smart tv box",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "kddi",
        "version": "firmware version prior to 1300"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29564"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000053"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6005"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:kddi:smart_tv_box_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000053"
      }
    ]
  },
  "cve": "CVE-2019-6005",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6005",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-000053",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2019-29564",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6005",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-000053",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6005",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2019-000053",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-29564",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-1927",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29564"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1927"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6005"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user\u0027s intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP. When a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN side interface of Smart TV Box is disabled. However if the original setting is changed later, for example, LAN side interface connection to internet directly is enabled, access to Android Debug Bridge via port 5555/TCP of LAN side interface becomes enabled. Yoshiki Mori and Masaki Kubo of Cybersecurity Laboratory, National Institute of Information and Communications Technology reported this vulnerability to IPA",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6005"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000053"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-29564"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6005",
        "trust": 3.0
      },
      {
        "db": "JVN",
        "id": "JVN17127920",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000053",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-29564",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1927",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29564"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1927"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6005"
      }
    ]
  },
  "id": "VAR-201909-0036",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29564"
      }
    ],
    "trust": 1.2666667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29564"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:25:47.654000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "KDDI CORPORATION website",
        "trust": 0.8,
        "url": "https://news.kddi.com/kddi/cable-service/smart-tv-box/201902273642.html"
      },
      {
        "title": "Patch for KDDI Smart TV Box Access Control Error Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/178017"
      },
      {
        "title": "KDDI Smart TV Box Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96979"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29564"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1927"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000053"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6005"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://jvn.jp/en/jp/jvn17127920/index.html"
      },
      {
        "trust": 1.4,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6005"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6005"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-000053.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29564"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1927"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6005"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29564"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1927"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6005"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-29564"
      },
      {
        "date": "2019-08-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-000053"
      },
      {
        "date": "2019-08-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1927"
      },
      {
        "date": "2019-09-12T17:15:14.500000",
        "db": "NVD",
        "id": "CVE-2019-6005"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-29564"
      },
      {
        "date": "2019-10-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-000053"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1927"
      },
      {
        "date": "2024-11-21T04:45:54.090000",
        "db": "NVD",
        "id": "CVE-2019-6005"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1927"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Smart TV Box fails to restrict access permissions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000053"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1927"
      }
    ],
    "trust": 0.6
  }
}

gsd-2019-6005

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-6005

Aliases

CVE-2019-6005

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6005",
    "description": "Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user\u0027s intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP.",
    "id": "GSD-2019-6005"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6005"
      ],
      "details": "Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user\u0027s intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP.",
      "id": "GSD-2019-6005",
      "modified": "2023-12-13T01:23:49.312322Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2019-6005",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "firmware version prior to 1300",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "remote attackers"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Smart TV Box"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user\u0027s intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user\u0027s intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://jvn.jp/en/jp/JVN17127920/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN17127920/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:kddi:smart_tv_box_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1300",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:kddi:smart_tv_box:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-6005"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user\u0027s intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://jvn.jp/en/jp/JVN17127920/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN17127920/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-09-12T17:15Z"
    }
  }
}

ghsa-cjm9-34g2-v82g

Vulnerability from github

Published

2022-05-24 16:56

Modified

2024-04-04 01:56

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6005"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-12T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user\u0027s intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP.",
  "id": "GHSA-cjm9-34g2-v82g",
  "modified": "2024-04-04T01:56:22Z",
  "published": "2022-05-24T16:56:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6005"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN17127920/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-6005 (GCVE-0-2019-6005)

Vulnerability from cvelistv5

fkie_cve-2019-6005

Vulnerability from fkie_nvd

cve-2019-6005

Vulnerability from jvndb

cnvd-2019-29564

Vulnerability from cnvd

var-201909-0036

Vulnerability from variot

gsd-2019-6005

Vulnerability from gsd

ghsa-cjm9-34g2-v82g

Vulnerability from github

Tags

Sightings

Nomenclature