Lucene search

[email protected]CVE-2019-13474

HistorySep 16, 2019 - 12:15 p.m.

CVE-2019-13474

2019-09-1612:15:10

CWE-798

[email protected]

web.nvd.nist.gov

cve

2019

13474

telestar

bobs rock radio

dabman d10

dabman i30 stereo

imperial

security

access control

commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.6%

JSON

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.

Affected configurations

NVD

Node

telestarbobs_rock_radioMatch-

AND

telestarbobs_rock_radio_firmwareMatch-

Node

telestardabman_d10Match-

AND

telestardabman_d10_firmwareMatch-

Node

telestardabman_i30_stereoMatch-

AND

telestardabman_i30_stereo_firmwareMatch-

Node

telestarimperial_i110Match-

AND

telestarimperial_i110_firmwareMatch-

Node

telestarimperial_i150Match-

AND

telestarimperial_i150_firmwareMatch-

Node

telestarimperial_i200Match-

AND

telestarimperial_i200_firmwareMatch-

Node

telestarimperial_i200-cdMatch-

AND

telestarimperial_i200-cd_firmwareMatch-

Node

telestarimperial_i400Match-

AND

telestarimperial_i400_firmwareMatch-

Node

telestarimperial_i450_firmwareMatch-

AND

telestarimperial_i450Match-

Node

telestarimperial_i500-bt_firmwareMatch-

AND

telestarimperial_i500-btMatch-

Node

telestarimperial_i600_firmwareMatch-

AND

telestarimperial_i600Match-

CPENameOperatorVersion
telestar:bobs_rock_radio_firmwaretelestar bobs rock radio firmwareeq-

CPE	Name	Operator	Version
telestar:bobs_rock_radio_firmware	telestar bobs rock radio firmware	eq	-

References

packetstormsecurity.com/files/174503/Internet-Radio-auna-IR-160-SE-UIProto-DoS-XSS-Missing-Authentication.html

seclists.org/fulldisclosure/2019/Sep/12

seclists.org/fulldisclosure/2023/Sep/1

www.vulnerability-lab.com/get_content.php?id=2183

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.6%

JSON

Related for CVE-2019-13474

nvd1 openvas2 prion1 cvelist1 packetstorm2 threatpost1 vulnerlab2