VAR-201910-0647
Vulnerability from variot - Updated: 2023-12-18 12:35AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output (input is only 8 characters), which allows an attacker to deduce the WiFi password from the WiFi SSID. AutoPi Wi-Fi/NB and 4G/LTE The device contains a vulnerability related to information disclosure from the cache.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AutoPi.io AutoPi Wi-Fi / NB and AutoPi 4G / LTE are encryption devices from Denmark's AutoPi.io.
AutoPi.io AutoPi Wi-Fi / NB and AutoPi 4G / LTE versions prior to 2019-10-15 have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0647",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wi-fi\\/nb",
"scope": "lt",
"trust": 1.0,
"vendor": "autopi",
"version": "2019-10-15"
},
{
"model": "4g\\/lte",
"scope": "lt",
"trust": 1.0,
"vendor": "autopi",
"version": "2019-10-15"
},
{
"model": "4g/lte",
"scope": "eq",
"trust": 0.8,
"vendor": "autopi io",
"version": "2019/10/15"
},
{
"model": "wi-fi/nb",
"scope": "eq",
"trust": 0.8,
"vendor": "autopi io",
"version": "2019/10/15"
},
{
"model": "wi-fi/nb and 4g/lte devices",
"scope": "lt",
"trust": 0.6,
"vendor": "autopi io",
"version": "2019-10-15"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36986"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011159"
},
{
"db": "NVD",
"id": "CVE-2019-12941"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:autopi:wi-fi\\/nb_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-10-15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:autopi:wi-fi\\/nb:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:autopi:4g\\/lte_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-10-15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:autopi:4g\\/lte:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12941"
}
]
},
"cve": "CVE-2019-12941",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-12941",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-36986",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-12941",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-12941",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-36986",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-811",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36986"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011159"
},
{
"db": "NVD",
"id": "CVE-2019-12941"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-811"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output (input is only 8 characters), which allows an attacker to deduce the WiFi password from the WiFi SSID. AutoPi Wi-Fi/NB and 4G/LTE The device contains a vulnerability related to information disclosure from the cache.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AutoPi.io AutoPi Wi-Fi / NB and AutoPi 4G / LTE are encryption devices from Denmark\u0027s AutoPi.io. \n\nAutoPi.io AutoPi Wi-Fi / NB and AutoPi 4G / LTE versions prior to 2019-10-15 have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12941"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011159"
},
{
"db": "CNVD",
"id": "CNVD-2019-36986"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-12941",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011159",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36986",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-811",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36986"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011159"
},
{
"db": "NVD",
"id": "CVE-2019-12941"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-811"
}
]
},
"id": "VAR-201910-0647",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36986"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36986"
}
]
},
"last_update_date": "2023-12-18T12:35:57.458000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.autopi.io/"
},
{
"title": "Patch for AutoPi.io AutoPi Wi-Fi / NB and AutoPi 4G / LTE Brute Force Attack Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/186815"
},
{
"title": "AutoPi.io AutoPi Wi-Fi/NB and AutoPi 4G/LTE Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100346"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36986"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011159"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-811"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.0
},
{
"problemtype": "CWE-522",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011159"
},
{
"db": "NVD",
"id": "CVE-2019-12941"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12941"
},
{
"trust": 1.6,
"url": "http://www.diva-portal.org/smash/get/diva2:1334244/fulltext01.pdf"
},
{
"trust": 1.6,
"url": "https://www.kth.se/nse/research/software-systems-architecture-and-security/"
},
{
"trust": 1.4,
"url": "https://www.kth.se/polopoly_fs/1.931922.1571071632!/burdzovic_matsson_dongle_v2.pdf"
},
{
"trust": 1.0,
"url": "https://www.kth.se/polopoly_fs/1.931922.1571071632%21/burdzovic_matsson_dongle_v2.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12941"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36986"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011159"
},
{
"db": "NVD",
"id": "CVE-2019-12941"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-811"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36986"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011159"
},
{
"db": "NVD",
"id": "CVE-2019-12941"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-811"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36986"
},
{
"date": "2019-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011159"
},
{
"date": "2019-10-14T18:15:10.387000",
"db": "NVD",
"id": "CVE-2019-12941"
},
{
"date": "2019-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-811"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36986"
},
{
"date": "2019-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011159"
},
{
"date": "2023-11-07T03:03:43.947000",
"db": "NVD",
"id": "CVE-2019-12941"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-811"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-811"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AutoPi Wi-Fi/NB and 4G/LTE Vulnerability related to information leak from cache in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011159"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-811"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…