Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-15911

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and tamper with messages.

Published

2019-12-20T17:15:11.347

Last Modified

2024-11-21T04:29:42.660

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-319

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	asus	hg100_firmware	-	Yes
Hardware	asus	hg100	-	No
Operating System	asus	mw100_firmware	-	Yes
Hardware	asus	mw100	-	No
Operating System	asus	ws-101_firmware	-	Yes
Hardware	asus	ws-101	-	No
Operating System	asus	ts-101_firmware	-	Yes
Hardware	asus	ts-101	-	No
Operating System	asus	as-101_firmware	-	Yes
Hardware	asus	as-101	-	No
Operating System	asus	ms-101_firmware	-	Yes
Hardware	asus	ms-101	-	No
Operating System	asus	dl-101_firmware	-	Yes
Hardware	asus	dl-101	-	No

References

https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15911.md Exploit, Third Party Advisory ([email protected])
https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15911.md Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)