Sign-up

ID

VAR-201904-0919


CVE

CVE-2019-11415


TITLE

Intelbras IWR 3000N Vulnerability related to input validation on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-003554

DESCRIPTION

An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login. Intelbras IWR 3000N The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intelbras IWR 3000N is a wireless router from Intelbras Poland. An input validation error vulnerability exists in Intelbras IWR 3000N version 1.5.0. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.71

sources: NVD: CVE-2019-11415 // JVNDB: JVNDB-2019-003554 // VULHUB: VHN-143059

AFFECTED PRODUCTS

vendor:intelbrasmodel:iwr 3000nscope:eqversion:1.5.0

Trust: 1.8

sources: JVNDB: JVNDB-2019-003554 // NVD: CVE-2019-11415

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11415
value: HIGH

Trust: 1.0

NVD: CVE-2019-11415
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-1035
value: HIGH

Trust: 0.6

VULHUB: VHN-143059
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-11415
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-143059
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11415
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-143059 // JVNDB: JVNDB-2019-003554 // CNNVD: CNNVD-201904-1035 // NVD: CVE-2019-11415

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-143059 // JVNDB: JVNDB-2019-003554 // NVD: CVE-2019-11415

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1035

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-1035

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003554

PATCH
title:IWR 3000Nurl:https://www.intelbras.com/pt-br/roteador-wireless-com-ipv6-iwr-3000n
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-003554

EXTERNAL IDS
db:NVDid:CVE-2019-11415
Trust: 2.5
db:PACKETSTORMid:152680
Trust: 2.5
db:EXPLOIT-DBid:46768
Trust: 1.7
db:JVNDBid:JVNDB-2019-003554
Trust: 0.8
db:CNNVDid:CNNVD-201904-1035
Trust: 0.7
db:VULHUBid:VHN-143059
Trust: 0.1
sources:
            
            
            VULHUB: VHN-143059 // 
            
            
            
            JVNDB: JVNDB-2019-003554 // 
            
            
            
            CNNVD: CNNVD-201904-1035 // 
            
            
            
            NVD: CVE-2019-11415

REFERENCES
url:http://packetstormsecurity.com/files/152680/intelbras-iwr-3000n-denial-of-service.html
Trust: 3.1
url:https://www.exploit-db.com/exploits/46768/
Trust: 1.7
url:https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-11415
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11415
Trust: 0.8
url:https://www.exploit-db.com/exploits/46768
Trust: 0.6
sources:
            
            
            VULHUB: VHN-143059 // 
            
            
            
            JVNDB: JVNDB-2019-003554 // 
            
            
            
            CNNVD: CNNVD-201904-1035 // 
            
            
            
            NVD: CVE-2019-11415

CREDITS
Social Engineering Neo
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201904-1035

SOURCES
db:VULHUBid:VHN-143059
db:JVNDBid:JVNDB-2019-003554
db:CNNVDid:CNNVD-201904-1035
db:NVDid:CVE-2019-11415

LAST UPDATE DATE
2024-11-23T22:33:56.599000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-143059date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-003554date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-1035date:2020-08-25T00:00:00
db:NVDid:CVE-2019-11415date:2024-11-21T04:21:04.200

SOURCES RELEASE DATE
db:VULHUBid:VHN-143059date:2019-04-22T00:00:00
db:JVNDBid:JVNDB-2019-003554date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-1035date:2019-04-22T00:00:00
db:NVDid:CVE-2019-11415date:2019-04-22T11:29:05.347