CVE-2019-11061 - OpenCVE

A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Asus	Hg100 Firmware Hg100

Configuration 1 [-]

AND

cpe:2.3:o:asus:hg100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:hg100:-:*:*:*:*:*:*:*

References

Link	Resource
http://surl.twcert.org.tw/5df6x	Third Party Advisory
https://github.com/tim124058/ASUS-SmartHome-Exploit/	Exploit Third Party Advisory
https://tvn.twcert.org.tw/taiwanvn/TVN-201906003	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: twcert

Published: 2019-08-20T00:00:00

Updated: 2019-09-04T12:36:03

Reserved: 2019-04-09T00:00:00

Link: CVE-2019-11061

JSON object: View

NVD Information

Status : Modified

Published: 2019-08-29T01:15:10.930

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-11061

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"containers": {"cna": {"affected": [{"product": "HG100 firmware", "vendor": "ASUS", "versions": [{"status": "affected", "version": "up to 4.00.0.6"}]}], "credits": [{"lang": "en", "value": "timhuang"}], "datePublic": "2019-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Boken Access Control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-04T12:36:03", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906003"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://surl.twcert.org.tw/5df6x"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"}], "source": {"discovery": "EXTERNAL"}, "title": "HG100 has a broken access control vulnerability in its Web API Server", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2019-08-20T16:00:00.000Z", "ID": "CVE-2019-11061", "STATE": "PUBLIC", "TITLE": "HG100 has a broken access control vulnerability in its Web API Server"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HG100 firmware", "version": {"version_data": [{"version_value": "up to 4.00.0.6"}]}}]}, "vendor_name": "ASUS"}]}}, "credit": [{"lang": "eng", "value": "timhuang"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Boken Access Control"}]}]}, "references": {"reference_data": [{"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906003", "refsource": "CONFIRM", "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906003"}, {"name": "http://surl.twcert.org.tw/5df6x", "refsource": "CONFIRM", "url": "http://surl.twcert.org.tw/5df6x"}, {"name": "https://github.com/tim124058/ASUS-SmartHome-Exploit/", "refsource": "CONFIRM", "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2019-11061", "datePublished": "2019-08-20T00:00:00", "dateReserved": "2019-04-09T00:00:00", "dateUpdated": "2019-09-04T12:36:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:hg100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B3A41D7-B16C-4FA5-89A3-BF761FEF8444", "versionEndExcluding": "4.00.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:hg100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFEFB004-6477-408B-A114-8ABCA8AC8D19", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso interrumpida en las versiones de firmware HG100 hasta 4.00.06 permite que un atacante en la misma red de \u00e1rea local controle dispositivos IoT que se conectan a s\u00ed mismos mediante http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 Puntuaci\u00f3n Base 10 (Impactos de Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}], "id": "CVE-2019-11061", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2019-08-29T01:15:10.930", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "http://surl.twcert.org.tw/5df6x"}, {"source": "twcert@cert.org.tw", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"}, {"source": "twcert@cert.org.tw", "tags": ["Exploit", "Third Party Advisory"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906003"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}