CVE-2019-9659 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Vendor	Product	Version
chuango	wifi_alarm_system_firmware	-
chuango	wifi\/cellular_smart_home_system_h4_plus_firmware	-
chuango	awv_plus_wifi_alarm_system_firmware	-
chuango	g5w_3g_firmware	-
chuango	g5_plus_gsm\/sms\/rfid_touch_alarm_system_firmware	-
chuango	g3_gsm\/sms_alarm_system_firmware	-
chuango	g5w_3g_firmware	-
chuango	b11_dual-network_alarm_system_firmware	-
chuango	a8_pstn_alarm_system_firmware	-
chuango	a11_pstn\/lcd\/rfid_touch_alarm_system_firmware	-
chuango	cg-105s_on-site_alarm_system_firmware	-
eminent	em8617_ov2_wifi_alarm_system_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-294 - Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References

https://github.com/RiieCco/write-ups/tree/master/CVE-2019-9659

https://github.com/RiieCco/write-ups/tree/master/CVE-2019-9659