var-202103-0080
Vulnerability from variot
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. Advantech Spectre RT ERT351 Is vulnerable to improper restriction of excessive authentication attempts.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech Spectre RT ERT351 is a router of American Advantech company that provides network routing function.
Advantech Spectre RT ERT351 has security vulnerabilities that allow remote attackers to use the vulnerabilities to submit special requests and brute force to access the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spectre rt ert351",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "5.1.3"
},
{
"model": "spectre rt ert351",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "spectre rt ert351 firmware 5.1.3 and earlier"
},
{
"model": "spectre rt ert351",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "spectre rt ert351",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "spectre rt ert351",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=5.1.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28791"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016220"
},
{
"db": "NVD",
"id": "CVE-2019-18235"
}
]
},
"cve": "CVE-2019-18235",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-18235",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-28791",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18235",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18235",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18235",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-18235",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-28791",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1543",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-18235",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28791"
},
{
"db": "VULMON",
"id": "CVE-2019-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016220"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1543"
},
{
"db": "NVD",
"id": "CVE-2019-18235"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. Advantech Spectre RT ERT351 Is vulnerable to improper restriction of excessive authentication attempts.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech Spectre RT ERT351 is a router of American Advantech company that provides network routing function. \n\r\n\r\nAdvantech Spectre RT ERT351 has security vulnerabilities that allow remote attackers to use the vulnerabilities to submit special requests and brute force to access the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016220"
},
{
"db": "CNVD",
"id": "CNVD-2021-28791"
},
{
"db": "VULMON",
"id": "CVE-2019-18235"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18235",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-21-054-03",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU98128183",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016220",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-28791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0680",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1543",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-18235",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28791"
},
{
"db": "VULMON",
"id": "CVE-2019-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016220"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1543"
},
{
"db": "NVD",
"id": "CVE-2019-18235"
}
]
},
"id": "VAR-202103-0080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28791"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28791"
}
]
},
"last_update_date": "2024-11-23T21:06:51.137000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA-2021-01-01",
"trust": 0.8,
"url": "https://icr.advantech.cz/support/router-models/download/511/sa-2021-01-fw-5.1.3-and-older-en.pdf"
},
{
"title": "Patch for Advantech Spectre RT ERT351 brute force cracking vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/258961"
},
{
"title": "Advantech Spectre RT Industrial Routers Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142893"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28791"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016220"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1543"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.0
},
{
"problemtype": "Inappropriate restriction of excessive authentication attempts (CWE-307) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016220"
},
{
"db": "NVD",
"id": "CVE-2019-18235"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-054-03"
},
{
"trust": 1.7,
"url": "https://ep.advantech-bb.cz/support/router-models/download/511/sa-2021-01-fw-5.1.3-and-older-en.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18235"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98128183/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0680"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/307.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197343"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28791"
},
{
"db": "VULMON",
"id": "CVE-2019-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016220"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1543"
},
{
"db": "NVD",
"id": "CVE-2019-18235"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-28791"
},
{
"db": "VULMON",
"id": "CVE-2019-18235"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016220"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1543"
},
{
"db": "NVD",
"id": "CVE-2019-18235"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-28791"
},
{
"date": "2021-03-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-18235"
},
{
"date": "2021-11-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016220"
},
{
"date": "2021-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1543"
},
{
"date": "2021-03-17T19:15:11.960000",
"db": "NVD",
"id": "CVE-2019-18235"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-28791"
},
{
"date": "2021-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-18235"
},
{
"date": "2021-11-24T07:40:00",
"db": "JVNDB",
"id": "JVNDB-2019-016220"
},
{
"date": "2021-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1543"
},
{
"date": "2024-11-21T04:32:53.757000",
"db": "NVD",
"id": "CVE-2019-18235"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1543"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech\u00a0Spectre\u00a0RT\u00a0ERT351\u00a0 Vulnerability regarding improper restriction of excessive authentication attempts in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1543"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…