CVE-2019-11063 - OpenCVE

A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Asus	Smarthome

Configuration 1 [-]

OR	cpe:2.3:a:asus:smarthome::::::iphone_os::*
	cpe:2.3:a:asus:smarthome::::::android::*

References

Link	Resource
http://surl.twcert.org.tw/5LWQJ	Third Party Advisory
https://github.com/tim124058/ASUS-SmartHome-Exploit/	Exploit Third Party Advisory
https://tvn.twcert.org.tw/taiwanvn/TVN-201908014	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: twcert

Published: 2019-08-20T00:00:00

Updated: 2019-09-04T12:36:03

Reserved: 2019-04-09T00:00:00

Link: CVE-2019-11063

JSON object: View

NVD Information

Status : Modified

Published: 2019-08-29T01:15:10.990

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-11063

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"containers": {"cna": {"affected": [{"product": "SmartHome Android app", "vendor": "ASUS", "versions": [{"status": "affected", "version": "up to 3.0.42_190515"}]}, {"product": "SmartHome ios app", "vendor": "ASUS", "versions": [{"status": "affected", "version": "up to 2.0.22"}]}], "credits": [{"lang": "en", "value": "timhuang"}], "datePublic": "2019-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Boken Access Control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-04T12:36:03", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908014"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://surl.twcert.org.tw/5LWQJ"}], "source": {"discovery": "EXTERNAL"}, "title": "SmartHome application has a broken access control vulnerability in its Web API Server", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2019-08-20T16:00:00.000Z", "ID": "CVE-2019-11063", "STATE": "PUBLIC", "TITLE": "SmartHome application has a broken access control vulnerability in its Web API Server"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SmartHome Android app", "version": {"version_data": [{"version_value": "up to 3.0.42_190515"}]}}, {"product_name": "SmartHome ios app", "version": {"version_data": [{"version_value": "up to 2.0.22"}]}}]}, "vendor_name": "ASUS"}]}}, "credit": [{"lang": "eng", "value": "timhuang"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Boken Access Control"}]}]}, "references": {"reference_data": [{"name": "https://github.com/tim124058/ASUS-SmartHome-Exploit/", "refsource": "CONFIRM", "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"}, {"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908014", "refsource": "CONFIRM", "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908014"}, {"name": "http://surl.twcert.org.tw/5LWQJ", "refsource": "CONFIRM", "url": "http://surl.twcert.org.tw/5LWQJ"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2019-11063", "datePublished": "2019-08-20T00:00:00", "dateReserved": "2019-04-09T00:00:00", "dateUpdated": "2019-09-04T12:36:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:asus:smarthome:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "3DE3FB52-3C29-461B-B7D4-8EF04D088DB2", "versionEndExcluding": "2.0.22", "vulnerable": true}, {"criteria": "cpe:2.3:a:asus:smarthome:*:*:*:*:*:android:*:*", "matchCriteriaId": "8B2A70D9-9661-49CD-BCFA-751709C8D9DA", "versionEndExcluding": "3.0.42_190515", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso interrumpida en la aplicaci\u00f3n SmartHome (versiones de Android hasta 3.0.42_190515, versiones de iOS hasta 2.0.22) permite a un atacante dentro de la misma red de \u00e1rea local enumerar cuentas de usuario y controlar dispositivos IoT que conectan con su puerta de enlace (HG100) por medio de http://[target]/smarthome/devicecontrol sin ninguna autenticaci\u00f3n. CVSS 3.0 Puntuaci\u00f3n Base 10 (Impactos de Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}], "id": "CVE-2019-11063", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2019-08-29T01:15:10.990", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "http://surl.twcert.org.tw/5LWQJ"}, {"source": "twcert@cert.org.tw", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908014"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}