Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities by AndroVideo
VAR-201908-0568
Vulnerability from variot - Updated: 2023-12-18 13:56A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software. Advan VD-1 The firmware contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AndroVideo Advan VD-1 is a security camera from Taiwan's AndroVideo.
AndroVideo Advan VD-1 has an access control error vulnerability. No detailed vulnerability details are provided at this time. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0568",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vd 1",
"scope": "eq",
"trust": 1.0,
"vendor": "androvideo",
"version": "230"
},
{
"model": "advan vd-1",
"scope": "eq",
"trust": 0.8,
"vendor": "androvideo",
"version": "230"
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.6,
"vendor": "androvideo",
"version": "\u003c=230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34624"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008907"
},
{
"db": "NVD",
"id": "CVE-2019-13405"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:androvideo:vd_1_firmware:230:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:androvideo:vd_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13405"
}
]
},
"cve": "CVE-2019-13405",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-13405",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34624",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-145248",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13405",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13405",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-34624",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-2177",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-145248",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34624"
},
{
"db": "VULHUB",
"id": "VHN-145248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008907"
},
{
"db": "NVD",
"id": "CVE-2019-13405"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2177"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software. Advan VD-1 The firmware contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AndroVideo Advan VD-1 is a security camera from Taiwan\u0027s AndroVideo. \n\nAndroVideo Advan VD-1 has an access control error vulnerability. No detailed vulnerability details are provided at this time. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13405"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008907"
},
{
"db": "CNVD",
"id": "CNVD-2019-34624"
},
{
"db": "VULHUB",
"id": "VHN-145248"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13405",
"trust": 3.1
},
{
"db": "TWCERT",
"id": "TVN-201906006",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008907",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2177",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34624",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-145248",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34624"
},
{
"db": "VULHUB",
"id": "VHN-145248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008907"
},
{
"db": "NVD",
"id": "CVE-2019-13405"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2177"
}
]
},
"id": "VAR-201908-0568",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34624"
},
{
"db": "VULHUB",
"id": "VHN-145248"
}
],
"trust": 1.4222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34624"
}
]
},
"last_update_date": "2023-12-18T13:56:38.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.androvideo.com/"
},
{
"title": "Patch for AndroVideo Advan VD-1 Access Control Error Vulnerability (CNVD-2019-34624)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/183551"
},
{
"title": "AndroVideo Advan VD-1 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97660"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34624"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008907"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2177"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008907"
},
{
"db": "NVD",
"id": "CVE-2019-13405"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201906006"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13405"
},
{
"trust": 1.7,
"url": "http://surl.twcert.org.tw/venhn"
},
{
"trust": 1.7,
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13405"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34624"
},
{
"db": "VULHUB",
"id": "VHN-145248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008907"
},
{
"db": "NVD",
"id": "CVE-2019-13405"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2177"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34624"
},
{
"db": "VULHUB",
"id": "VHN-145248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008907"
},
{
"db": "NVD",
"id": "CVE-2019-13405"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2177"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34624"
},
{
"date": "2019-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-145248"
},
{
"date": "2019-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008907"
},
{
"date": "2019-08-29T01:15:11.587000",
"db": "NVD",
"id": "CVE-2019-13405"
},
{
"date": "2019-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2177"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34624"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-145248"
},
{
"date": "2019-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008907"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-13405"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2177"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advan VD-1 Firmware access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008907"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2177"
}
],
"trust": 0.6
}
}
VAR-201908-0569
Vulnerability from variot - Updated: 2023-12-18 13:47A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication. AndroVideo Advan VD-1 is a security camera from Taiwan's AndroVideo. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0569",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vd 1",
"scope": "lte",
"trust": 1.0,
"vendor": "androvideo",
"version": "230"
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.8,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vd8700",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-vr360",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.6,
"vendor": "androvideo",
"version": "\u003c=230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "NVD",
"id": "CVE-2019-13406"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:androvideo:vd_1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "230",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:androvideo:vd_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13406"
}
]
},
"cve": "CVE-2019-13406",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-13406",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34623",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-145249",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-13406",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13406",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-34623",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-2178",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-145249",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "VULHUB",
"id": "VHN-145249"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication. AndroVideo Advan VD-1 is a security camera from Taiwan\u0027s AndroVideo. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "VULHUB",
"id": "VHN-145249"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13406",
"trust": 3.1
},
{
"db": "TWCERT",
"id": "TVN-201906007",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34623",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-145249",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "VULHUB",
"id": "VHN-145249"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"id": "VAR-201908-0569",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "VULHUB",
"id": "VHN-145249"
}
],
"trust": 1.4222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
}
]
},
"last_update_date": "2023-12-18T13:47:51.955000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.androvideo.com/"
},
{
"title": "GV-VR360",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vr360"
},
{
"title": "GV-VD8700",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vd8700"
},
{
"title": "Patch for AndroVideo Advan VD-1 Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/183553"
},
{
"title": "AndroVideo Advan VD-1 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97661"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145249"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "NVD",
"id": "CVE-2019-13406"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13406"
},
{
"trust": 1.7,
"url": "http://surl.twcert.org.tw/hvut7"
},
{
"trust": 1.7,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201906007"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13406"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "VULHUB",
"id": "VHN-145249"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "VULHUB",
"id": "VHN-145249"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"date": "2019-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-145249"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"date": "2019-08-29T01:15:11.647000",
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"date": "2019-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-145249"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AndroVideo Advan VD-1 Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
],
"trust": 0.6
}
}
VAR-201908-0571
Vulnerability from variot - Updated: 2023-12-18 13:28A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. AndroVideo Advan VD-1 is a security camera from Taiwan's AndroVideo. An attacker could use this vulnerability to access locations outside the restricted directory. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0571",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gv-vd8700",
"scope": "lte",
"trust": 1.0,
"vendor": "geovision",
"version": "1.01"
},
{
"model": "vd 1",
"scope": "lte",
"trust": 1.0,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vr360",
"scope": "lte",
"trust": 1.0,
"vendor": "geovision",
"version": "1.10"
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.8,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vd8700",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-vr360",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.6,
"vendor": "androvideo",
"version": "\u003c=230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "NVD",
"id": "CVE-2019-13408"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:androvideo:vd_1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "230",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:androvideo:vd_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-vr360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-vr360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-vd8700_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-vd8700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13408"
}
]
},
"cve": "CVE-2019-13408",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-13408",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34622",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-145251",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13408",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13408",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-34622",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-2182",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-145251",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "VULHUB",
"id": "VHN-145251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. AndroVideo Advan VD-1 is a security camera from Taiwan\u0027s AndroVideo. An attacker could use this vulnerability to access locations outside the restricted directory. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "VULHUB",
"id": "VHN-145251"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13408",
"trust": 3.1
},
{
"db": "TWCERT",
"id": "TVN-201906009",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2182",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34622",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-145251",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "VULHUB",
"id": "VHN-145251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
]
},
"id": "VAR-201908-0571",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "VULHUB",
"id": "VHN-145251"
}
],
"trust": 1.4222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
}
]
},
"last_update_date": "2023-12-18T13:28:29.418000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.androvideo.com/"
},
{
"title": "GV-VR360",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vr360"
},
{
"title": "GV-VD8700",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vd8700"
},
{
"title": "Patch for AndroVideo Advan VD-1 path traversal vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/183555"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
},
{
"problemtype": "CWE-862",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "NVD",
"id": "CVE-2019-13408"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13408"
},
{
"trust": 1.7,
"url": "http://surl.twcert.org.tw/2bvxq"
},
{
"trust": 1.7,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201906009"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13408"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "VULHUB",
"id": "VHN-145251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "VULHUB",
"id": "VHN-145251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"date": "2019-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-145251"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"date": "2019-08-29T01:15:11.803000",
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"date": "2019-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"date": "2020-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-145251"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"date": "2020-10-08T13:37:17.160000",
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"date": "2020-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AndroVideo Advan VD-1 path traversal vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
],
"trust": 0.6
}
}
VAR-201908-0570
Vulnerability from variot - Updated: 2023-12-18 12:36A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly. Advan VD-1 The firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0570",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gv-vd8700",
"scope": "lte",
"trust": 1.0,
"vendor": "geovision",
"version": "1.01"
},
{
"model": "vd 1",
"scope": "lte",
"trust": 1.0,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vr360",
"scope": "lte",
"trust": 1.0,
"vendor": "geovision",
"version": "1.10"
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.8,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vd8700",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-vr360",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "NVD",
"id": "CVE-2019-13407"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:androvideo:vd_1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "230",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:androvideo:vd_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-vr360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-vr360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-vd8700_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-vd8700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13407"
}
]
},
"cve": "CVE-2019-13407",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-13407",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-145250",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-13407",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13407",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-2181",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-145250",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145250"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly. Advan VD-1 The firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "VULHUB",
"id": "VHN-145250"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13407",
"trust": 2.5
},
{
"db": "TWCERT",
"id": "TVN-201906008",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2181",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-145250",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145250"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
]
},
"id": "VAR-201908-0570",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-145250"
}
],
"trust": 0.8222222
},
"last_update_date": "2023-12-18T12:36:05.167000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.androvideo.com/"
},
{
"title": "GV-VR360",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vr360"
},
{
"title": "GV-VD8700",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vd8700"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145250"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "NVD",
"id": "CVE-2019-13407"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"trust": 1.7,
"url": "http://surl.twcert.org.tw/sptwh"
},
{
"trust": 1.7,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201906008"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13407"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13407"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145250"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-145250"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-145250"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"date": "2019-08-29T01:15:11.710000",
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"date": "2019-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-145250"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"date": "2019-10-09T23:46:27.500000",
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"date": "2020-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advan VD-1 Firmware cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
],
"trust": 0.6
}
}
VAR-201908-1826
Vulnerability from variot - Updated: 2023-12-18 12:36A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. AndroVideo Advan VD-1 is a security camera from Taiwan's AndroVideo.
AndroVideo Advan VD-1 has a trust management issue vulnerability. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. to attack affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-1826",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gv-vd8700",
"scope": "lte",
"trust": 1.0,
"vendor": "geovision",
"version": "1.01"
},
{
"model": "vd 1",
"scope": "lte",
"trust": 1.0,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vr360",
"scope": "lte",
"trust": 1.0,
"vendor": "geovision",
"version": "1.10"
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.8,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vd8700",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-vr360",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.6,
"vendor": "androvideo",
"version": "\u003c=230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "NVD",
"id": "CVE-2019-11064"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:androvideo:vd_1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "230",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:androvideo:vd_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-vr360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-vr360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-vd8700_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-vd8700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11064"
}
]
},
"cve": "CVE-2019-11064",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-11064",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34625",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-142673",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-11064",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-11064",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-11064",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-34625",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-2174",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-142673",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-11064",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "VULHUB",
"id": "VHN-142673"
},
{
"db": "VULMON",
"id": "CVE-2019-11064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator\u2019s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. AndroVideo Advan VD-1 is a security camera from Taiwan\u0027s AndroVideo. \n\nAndroVideo Advan VD-1 has a trust management issue vulnerability. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. to attack affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "VULHUB",
"id": "VHN-142673"
},
{
"db": "VULMON",
"id": "CVE-2019-11064"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11064",
"trust": 3.2
},
{
"db": "TWCERT",
"id": "TVN-201906005",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2174",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34625",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-142673",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-11064",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "VULHUB",
"id": "VHN-142673"
},
{
"db": "VULMON",
"id": "CVE-2019-11064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"id": "VAR-201908-1826",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "VULHUB",
"id": "VHN-142673"
}
],
"trust": 1.4222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
}
]
},
"last_update_date": "2023-12-18T12:36:03.498000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.androvideo.com/"
},
{
"title": "GV-VR360",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vr360"
},
{
"title": "GV-VD8700",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vd8700"
},
{
"title": "Patch for AndroVideo Advan VD-1 Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/183549"
},
{
"title": "AndroVideo Advan VD-1 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97657"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142673"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "NVD",
"id": "CVE-2019-11064"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11064"
},
{
"trust": 1.8,
"url": "http://surl.twcert.org.tw/gcdqn"
},
{
"trust": 1.8,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201906005"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11064"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "VULHUB",
"id": "VHN-142673"
},
{
"db": "VULMON",
"id": "CVE-2019-11064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "VULHUB",
"id": "VHN-142673"
},
{
"db": "VULMON",
"id": "CVE-2019-11064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"date": "2019-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-142673"
},
{
"date": "2019-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11064"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"date": "2019-08-29T01:15:11.087000",
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"date": "2019-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-142673"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11064"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"date": "2020-10-02T15:27:36.407000",
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advan VD-1 Firmware vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
],
"trust": 0.6
}
}
CVE-2019-13407 (GCVE-0-2019-13407)
Vulnerability from cvelistv5 – Published: 2019-08-29 00:19 – Updated: 2024-09-16 22:16- CWE-79 - Cross-site Scripting (XSS)
| URL | Tags |
|---|---|
| https://gist.github.com/keniver/f5155b42eb278ec02… | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201906008 | x_refsource_CONFIRM |
| http://surl.twcert.org.tw/SpTwh | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| AndroVideo | Advan VD-1 firmware |
Affected:
up to 230
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906008"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://surl.twcert.org.tw/SpTwh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advan VD-1 firmware",
"vendor": "AndroVideo",
"versions": [
{
"status": "affected",
"version": "up to 230"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keniver Wang (CHT Security)"
}
],
"datePublic": "2019-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T00:19:39.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906008"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://surl.twcert.org.tw/SpTwh"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
"ID": "CVE-2019-13407",
"STATE": "PUBLIC",
"TITLE": "Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advan VD-1 firmware",
"version": {
"version_data": [
{
"version_value": "up to 230"
}
]
}
}
]
},
"vendor_name": "AndroVideo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Keniver Wang (CHT Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md",
"refsource": "CONFIRM",
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906008",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906008"
},
{
"name": "http://surl.twcert.org.tw/SpTwh",
"refsource": "CONFIRM",
"url": "http://surl.twcert.org.tw/SpTwh"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13407",
"datePublished": "2019-08-29T00:19:39.243Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:16:10.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13406 (GCVE-0-2019-13406)
Vulnerability from cvelistv5 – Published: 2019-08-29 00:19 – Updated: 2024-09-16 23:16- Broken access control
| URL | Tags |
|---|---|
| https://gist.github.com/keniver/f5155b42eb278ec02… | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201906007 | x_refsource_CONFIRM |
| http://surl.twcert.org.tw/hVut7 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| AndroVideo | Advan VD-1 firmware |
Affected:
up to 230
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906007"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://surl.twcert.org.tw/hVut7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advan VD-1 firmware",
"vendor": "AndroVideo",
"versions": [
{
"status": "affected",
"version": "up to 230"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keniver Wang (CHT Security)"
}
],
"datePublic": "2019-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Broken access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T00:19:32.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906007"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://surl.twcert.org.tw/hVut7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advan VD-1 has a vulnerability that allows remote arbitrary APK installation",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
"ID": "CVE-2019-13406",
"STATE": "PUBLIC",
"TITLE": "Advan VD-1 has a vulnerability that allows remote arbitrary APK installation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advan VD-1 firmware",
"version": {
"version_data": [
{
"version_value": "up to 230"
}
]
}
}
]
},
"vendor_name": "AndroVideo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Keniver Wang (CHT Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Broken access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md",
"refsource": "CONFIRM",
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906007",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906007"
},
{
"name": "http://surl.twcert.org.tw/hVut7",
"refsource": "CONFIRM",
"url": "http://surl.twcert.org.tw/hVut7"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13406",
"datePublished": "2019-08-29T00:19:32.626Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:16.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13405 (GCVE-0-2019-13405)
Vulnerability from cvelistv5 – Published: 2019-08-29 00:19 – Updated: 2024-09-16 22:24- Broken access control
| URL | Tags |
|---|---|
| https://gist.github.com/keniver/f5155b42eb278ec02… | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201906006 | x_refsource_CONFIRM |
| http://surl.twcert.org.tw/VeNHn | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| AndroVideo | Advan VD-1 firmware |
Affected:
230
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://surl.twcert.org.tw/VeNHn"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advan VD-1 firmware",
"vendor": "AndroVideo",
"versions": [
{
"status": "affected",
"version": "230"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keniver Wang (CHT Security)"
}
],
"datePublic": "2019-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Broken access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T00:19:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://surl.twcert.org.tw/VeNHn"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advan VD-1 allows a remote user to enable Android Debug Bridge without any authentication",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
"ID": "CVE-2019-13405",
"STATE": "PUBLIC",
"TITLE": "Advan VD-1 allows a remote user to enable Android Debug Bridge without any authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advan VD-1 firmware",
"version": {
"version_data": [
{
"version_value": "230"
}
]
}
}
]
},
"vendor_name": "AndroVideo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Keniver Wang (CHT Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Broken access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md",
"refsource": "CONFIRM",
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906006",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906006"
},
{
"name": "http://surl.twcert.org.tw/VeNHn",
"refsource": "CONFIRM",
"url": "http://surl.twcert.org.tw/VeNHn"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13405",
"datePublished": "2019-08-29T00:19:23.331Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:24:40.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11064 (GCVE-0-2019-11064)
Vulnerability from cvelistv5 – Published: 2019-08-29 00:19 – Updated: 2024-09-17 00:36- CWE-200 - Information Exposure
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201906005 | x_refsource_CONFIRM |
| http://surl.twcert.org.tw/gCDQN | x_refsource_CONFIRM |
| https://gist.github.com/keniver/f5155b42eb278ec02… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| AndroVideo | Advan VD-1 firmware |
Affected:
up to 230
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906005"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://surl.twcert.org.tw/gCDQN"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advan VD-1 firmware",
"vendor": "AndroVideo",
"versions": [
{
"status": "affected",
"version": "up to 230"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keniver Wang (CHT Security)"
}
],
"datePublic": "2019-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator\u2019s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T00:19:17.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906005"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://surl.twcert.org.tw/gCDQN"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A vulnerability of remote credential disclosure was discovered in Advan VD-1",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
"ID": "CVE-2019-11064",
"STATE": "PUBLIC",
"TITLE": "A vulnerability of remote credential disclosure was discovered in Advan VD-1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advan VD-1 firmware",
"version": {
"version_data": [
{
"version_value": "up to 230"
}
]
}
}
]
},
"vendor_name": "AndroVideo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Keniver Wang (CHT Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator\u2019s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906005",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906005"
},
{
"name": "http://surl.twcert.org.tw/gCDQN",
"refsource": "CONFIRM",
"url": "http://surl.twcert.org.tw/gCDQN"
},
{
"name": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md",
"refsource": "CONFIRM",
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-11064",
"datePublished": "2019-08-29T00:19:17.490Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:36:59.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13408 (GCVE-0-2019-13408)
Vulnerability from cvelistv5 – Published: 2019-08-29 00:18 – Updated: 2024-09-17 01:26- CWE-23 - Relative Path Traversal
| URL | Tags |
|---|---|
| https://gist.github.com/keniver/f5155b42eb278ec02… | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201906009 | x_refsource_CONFIRM |
| http://surl.twcert.org.tw/2bvXq | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| AndroVideo | Advan VD-1 firmware |
Affected:
up to 230
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://surl.twcert.org.tw/2bvXq"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advan VD-1 firmware",
"vendor": "AndroVideo",
"versions": [
{
"status": "affected",
"version": "up to 230"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keniver Wang (CHT Security)"
}
],
"datePublic": "2019-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T00:18:52.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://surl.twcert.org.tw/2bvXq"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advan VD-1 allows users to download arbitrary files",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
"ID": "CVE-2019-13408",
"STATE": "PUBLIC",
"TITLE": "Advan VD-1 allows users to download arbitrary files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advan VD-1 firmware",
"version": {
"version_data": [
{
"version_value": "up to 230"
}
]
}
}
]
},
"vendor_name": "AndroVideo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Keniver Wang (CHT Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md",
"refsource": "CONFIRM",
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906009",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906009"
},
{
"name": "http://surl.twcert.org.tw/2bvXq",
"refsource": "CONFIRM",
"url": "http://surl.twcert.org.tw/2bvXq"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13408",
"datePublished": "2019-08-29T00:18:52.900Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:26:55.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13407 (GCVE-0-2019-13407)
Vulnerability from nvd – Published: 2019-08-29 00:19 – Updated: 2024-09-16 22:16- CWE-79 - Cross-site Scripting (XSS)
| URL | Tags |
|---|---|
| https://gist.github.com/keniver/f5155b42eb278ec02… | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201906008 | x_refsource_CONFIRM |
| http://surl.twcert.org.tw/SpTwh | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| AndroVideo | Advan VD-1 firmware |
Affected:
up to 230
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906008"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://surl.twcert.org.tw/SpTwh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advan VD-1 firmware",
"vendor": "AndroVideo",
"versions": [
{
"status": "affected",
"version": "up to 230"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keniver Wang (CHT Security)"
}
],
"datePublic": "2019-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T00:19:39.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906008"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://surl.twcert.org.tw/SpTwh"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
"ID": "CVE-2019-13407",
"STATE": "PUBLIC",
"TITLE": "Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advan VD-1 firmware",
"version": {
"version_data": [
{
"version_value": "up to 230"
}
]
}
}
]
},
"vendor_name": "AndroVideo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Keniver Wang (CHT Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md",
"refsource": "CONFIRM",
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906008",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906008"
},
{
"name": "http://surl.twcert.org.tw/SpTwh",
"refsource": "CONFIRM",
"url": "http://surl.twcert.org.tw/SpTwh"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13407",
"datePublished": "2019-08-29T00:19:39.243Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:16:10.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13406 (GCVE-0-2019-13406)
Vulnerability from nvd – Published: 2019-08-29 00:19 – Updated: 2024-09-16 23:16- Broken access control
| URL | Tags |
|---|---|
| https://gist.github.com/keniver/f5155b42eb278ec02… | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201906007 | x_refsource_CONFIRM |
| http://surl.twcert.org.tw/hVut7 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| AndroVideo | Advan VD-1 firmware |
Affected:
up to 230
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906007"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://surl.twcert.org.tw/hVut7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advan VD-1 firmware",
"vendor": "AndroVideo",
"versions": [
{
"status": "affected",
"version": "up to 230"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keniver Wang (CHT Security)"
}
],
"datePublic": "2019-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Broken access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T00:19:32.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906007"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://surl.twcert.org.tw/hVut7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advan VD-1 has a vulnerability that allows remote arbitrary APK installation",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
"ID": "CVE-2019-13406",
"STATE": "PUBLIC",
"TITLE": "Advan VD-1 has a vulnerability that allows remote arbitrary APK installation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advan VD-1 firmware",
"version": {
"version_data": [
{
"version_value": "up to 230"
}
]
}
}
]
},
"vendor_name": "AndroVideo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Keniver Wang (CHT Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Broken access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md",
"refsource": "CONFIRM",
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906007",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906007"
},
{
"name": "http://surl.twcert.org.tw/hVut7",
"refsource": "CONFIRM",
"url": "http://surl.twcert.org.tw/hVut7"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13406",
"datePublished": "2019-08-29T00:19:32.626Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:16.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13405 (GCVE-0-2019-13405)
Vulnerability from nvd – Published: 2019-08-29 00:19 – Updated: 2024-09-16 22:24- Broken access control
| URL | Tags |
|---|---|
| https://gist.github.com/keniver/f5155b42eb278ec02… | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201906006 | x_refsource_CONFIRM |
| http://surl.twcert.org.tw/VeNHn | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| AndroVideo | Advan VD-1 firmware |
Affected:
230
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://surl.twcert.org.tw/VeNHn"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advan VD-1 firmware",
"vendor": "AndroVideo",
"versions": [
{
"status": "affected",
"version": "230"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keniver Wang (CHT Security)"
}
],
"datePublic": "2019-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Broken access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T00:19:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://surl.twcert.org.tw/VeNHn"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advan VD-1 allows a remote user to enable Android Debug Bridge without any authentication",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
"ID": "CVE-2019-13405",
"STATE": "PUBLIC",
"TITLE": "Advan VD-1 allows a remote user to enable Android Debug Bridge without any authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advan VD-1 firmware",
"version": {
"version_data": [
{
"version_value": "230"
}
]
}
}
]
},
"vendor_name": "AndroVideo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Keniver Wang (CHT Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay or to install mining software."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Broken access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md",
"refsource": "CONFIRM",
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906006",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906006"
},
{
"name": "http://surl.twcert.org.tw/VeNHn",
"refsource": "CONFIRM",
"url": "http://surl.twcert.org.tw/VeNHn"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13405",
"datePublished": "2019-08-29T00:19:23.331Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:24:40.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11064 (GCVE-0-2019-11064)
Vulnerability from nvd – Published: 2019-08-29 00:19 – Updated: 2024-09-17 00:36- CWE-200 - Information Exposure
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201906005 | x_refsource_CONFIRM |
| http://surl.twcert.org.tw/gCDQN | x_refsource_CONFIRM |
| https://gist.github.com/keniver/f5155b42eb278ec02… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| AndroVideo | Advan VD-1 firmware |
Affected:
up to 230
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906005"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://surl.twcert.org.tw/gCDQN"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advan VD-1 firmware",
"vendor": "AndroVideo",
"versions": [
{
"status": "affected",
"version": "up to 230"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keniver Wang (CHT Security)"
}
],
"datePublic": "2019-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator\u2019s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T00:19:17.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906005"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://surl.twcert.org.tw/gCDQN"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A vulnerability of remote credential disclosure was discovered in Advan VD-1",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
"ID": "CVE-2019-11064",
"STATE": "PUBLIC",
"TITLE": "A vulnerability of remote credential disclosure was discovered in Advan VD-1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advan VD-1 firmware",
"version": {
"version_data": [
{
"version_value": "up to 230"
}
]
}
}
]
},
"vendor_name": "AndroVideo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Keniver Wang (CHT Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator\u2019s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906005",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906005"
},
{
"name": "http://surl.twcert.org.tw/gCDQN",
"refsource": "CONFIRM",
"url": "http://surl.twcert.org.tw/gCDQN"
},
{
"name": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md",
"refsource": "CONFIRM",
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-11064",
"datePublished": "2019-08-29T00:19:17.490Z",
"dateReserved": "2019-04-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:36:59.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13408 (GCVE-0-2019-13408)
Vulnerability from nvd – Published: 2019-08-29 00:18 – Updated: 2024-09-17 01:26- CWE-23 - Relative Path Traversal
| URL | Tags |
|---|---|
| https://gist.github.com/keniver/f5155b42eb278ec02… | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201906009 | x_refsource_CONFIRM |
| http://surl.twcert.org.tw/2bvXq | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| AndroVideo | Advan VD-1 firmware |
Affected:
up to 230
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://surl.twcert.org.tw/2bvXq"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advan VD-1 firmware",
"vendor": "AndroVideo",
"versions": [
{
"status": "affected",
"version": "up to 230"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keniver Wang (CHT Security)"
}
],
"datePublic": "2019-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T00:18:52.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://surl.twcert.org.tw/2bvXq"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advan VD-1 allows users to download arbitrary files",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-08-20T16:00:00.000Z",
"ID": "CVE-2019-13408",
"STATE": "PUBLIC",
"TITLE": "Advan VD-1 allows users to download arbitrary files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advan VD-1 firmware",
"version": {
"version_data": [
{
"version_value": "up to 230"
}
]
}
}
]
},
"vendor_name": "AndroVideo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Keniver Wang (CHT Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md",
"refsource": "CONFIRM",
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906009",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201906009"
},
{
"name": "http://surl.twcert.org.tw/2bvXq",
"refsource": "CONFIRM",
"url": "http://surl.twcert.org.tw/2bvXq"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13408",
"datePublished": "2019-08-29T00:18:52.900Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:26:55.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}