CVE-2019-15911
Last modified
CVE-2019-15911 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and tamper with messages.. EPSS estimates a 0.84% chance of exploitation in the next 30 days.
Description
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and tamper with messages.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Asus | Hg100 Firmware | All versions |
| Asus | Mw100 Firmware | All versions |
| Asus | Ws-101 Firmware | All versions |
| Asus | Ts-101 Firmware | All versions |
| Asus | As-101 Firmware | All versions |
| Asus | Ms-101 Firmware | All versions |
| Asus | Dl-101 Firmware | All versions |
References
- https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15911.mdExploit, Third Party Advisory
- https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15911.mdExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-15911?
How severe is CVE-2019-15911?
How do I fix CVE-2019-15911?
Are you affected by CVE-2019-15911?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST