ID

VAR-202103-0080


CVE

CVE-2019-18235


TITLE

Advantech Spectre RT ERT351  Vulnerability regarding improper restriction of excessive authentication attempts in

Trust: 0.8

sources: JVNDB: JVNDB-2019-016220

DESCRIPTION

Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. Advantech Spectre RT ERT351 Is vulnerable to improper restriction of excessive authentication attempts.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech Spectre RT ERT351 is a router of American Advantech company that provides network routing function. Advantech Spectre RT ERT351 has security vulnerabilities that allow remote attackers to use the vulnerabilities to submit special requests and brute force to access the system

Trust: 2.25

sources: NVD: CVE-2019-18235 // JVNDB: JVNDB-2019-016220 // CNVD: CNVD-2021-28791 // VULMON: CVE-2019-18235

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-28791

AFFECTED PRODUCTS

vendor:advantechmodel:spectre rt ert351scope:lteversion:5.1.3

Trust: 1.0

vendor:アドバンテック株式会社model:spectre rt ert351scope:lteversion:spectre rt ert351 firmware 5.1.3 and earlier

Trust: 0.8

vendor:アドバンテック株式会社model:spectre rt ert351scope:eqversion: -

Trust: 0.8

vendor:アドバンテック株式会社model:spectre rt ert351scope: - version: -

Trust: 0.8

vendor:advantechmodel:spectre rt ert351scope:lteversion:<=5.1.3

Trust: 0.6

sources: CNVD: CNVD-2021-28791 // JVNDB: JVNDB-2019-016220 // NVD: CVE-2019-18235

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18235
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-18235
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-28791
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202102-1543
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-18235
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-18235
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-28791
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18235
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-18235
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-28791 // VULMON: CVE-2019-18235 // JVNDB: JVNDB-2019-016220 // CNNVD: CNNVD-202102-1543 // NVD: CVE-2019-18235

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.0

problemtype:Inappropriate restriction of excessive authentication attempts (CWE-307) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2019-016220 // NVD: CVE-2019-18235

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1543

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-1543

PATCH

title:SA-2021-01-01url:https://icr.advantech.cz/support/router-models/download/511/sa-2021-01-fw-5.1.3-and-older-en.pdf

Trust: 0.8

title:Patch for Advantech Spectre RT ERT351 brute force cracking vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/258961

Trust: 0.6

title:Advantech Spectre RT Industrial Routers Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142893

Trust: 0.6

sources: CNVD: CNVD-2021-28791 // JVNDB: JVNDB-2019-016220 // CNNVD: CNNVD-202102-1543

EXTERNAL IDS

db:NVDid:CVE-2019-18235

Trust: 3.1

db:ICS CERTid:ICSA-21-054-03

Trust: 3.1

db:JVNid:JVNVU98128183

Trust: 0.8

db:JVNDBid:JVNDB-2019-016220

Trust: 0.8

db:CNVDid:CNVD-2021-28791

Trust: 0.6

db:AUSCERTid:ESB-2021.0680

Trust: 0.6

db:CNNVDid:CNNVD-202102-1543

Trust: 0.6

db:VULMONid:CVE-2019-18235

Trust: 0.1

sources: CNVD: CNVD-2021-28791 // VULMON: CVE-2019-18235 // JVNDB: JVNDB-2019-016220 // CNNVD: CNNVD-202102-1543 // NVD: CVE-2019-18235

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-054-03

Trust: 3.7

url:https://ep.advantech-bb.cz/support/router-models/download/511/sa-2021-01-fw-5.1.3-and-older-en.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-18235

Trust: 1.4

url:https://jvn.jp/vu/jvnvu98128183/

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.0680

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/307.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/197343

Trust: 0.1

sources: CNVD: CNVD-2021-28791 // VULMON: CVE-2019-18235 // JVNDB: JVNDB-2019-016220 // CNNVD: CNNVD-202102-1543 // NVD: CVE-2019-18235

SOURCES

db:CNVDid:CNVD-2021-28791
db:VULMONid:CVE-2019-18235
db:JVNDBid:JVNDB-2019-016220
db:CNNVDid:CNNVD-202102-1543
db:NVDid:CVE-2019-18235

LAST UPDATE DATE

2024-08-14T12:58:20.331000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-28791date:2021-04-16T00:00:00
db:VULMONid:CVE-2019-18235date:2021-03-23T00:00:00
db:JVNDBid:JVNDB-2019-016220date:2021-11-24T07:40:00
db:CNNVDid:CNNVD-202102-1543date:2021-03-24T00:00:00
db:NVDid:CVE-2019-18235date:2021-03-23T19:15:49.453

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-28791date:2021-04-16T00:00:00
db:VULMONid:CVE-2019-18235date:2021-03-17T00:00:00
db:JVNDBid:JVNDB-2019-016220date:2021-11-24T00:00:00
db:CNNVDid:CNNVD-202102-1543date:2021-02-23T00:00:00
db:NVDid:CVE-2019-18235date:2021-03-17T19:15:11.960