CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-11061

A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.085

EPSS Ranking 91.9%

CVSS Severity

CVSS v3 Score 10.0

CVSS v2 Score 4.8

References

http://surl.twcert.org.tw/5df6x
https://github.com/tim124058/ASUS-SmartHome-Exploit/
https://tvn.twcert.org.tw/taiwanvn/TVN-201906003
http://surl.twcert.org.tw/5df6x
https://github.com/tim124058/ASUS-SmartHome-Exploit/
https://tvn.twcert.org.tw/taiwanvn/TVN-201906003

Products affected by CVE-2019-11061

Asus » Hg100 » Version: N/A

cpe:2.3:h:asus:hg100:-
Asus » Hg100 Firmware » Version: N/A

cpe:2.3:o:asus:hg100_firmware:-
Asus » Hg100 Firmware » Version: 1.05.12

cpe:2.3:o:asus:hg100_firmware:1.05.12
Asus » Hg100 Firmware » Version: 4.00.06

cpe:2.3:o:asus:hg100_firmware:4.00.06

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11061

Products

Pricing

Contact Us