CVE-2019-15078

EUVD-2019-6156
An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
xbornidxbornid
𝑥
≤ 2019-05-29
𝑥
= Vulnerable software versions
References
https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-00
https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-00