Details of VAR-202103-0080

ID

VAR-202103-0080

CVE

CVE-2019-18235

TITLE

Advantech Spectre RT ERT351 Vulnerability regarding improper restriction of excessive authentication attempts in

Trust: 0.8

sources: JVNDB: JVNDB-2019-016220

DESCRIPTION

Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. Advantech Spectre RT ERT351 Is vulnerable to improper restriction of excessive authentication attempts.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech Spectre RT ERT351 is a router of American Advantech company that provides network routing function. Advantech Spectre RT ERT351 has security vulnerabilities that allow remote attackers to use the vulnerabilities to submit special requests and brute force to access the system

Trust: 2.25

sources: NVD: CVE-2019-18235 // JVNDB: JVNDB-2019-016220 // CNVD: CNVD-2021-28791 // VULMON: CVE-2019-18235

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-28791

AFFECTED PRODUCTS

vendor:	advantech	model:	spectre rt ert351	scope:	lte	version:	5.1.3	Trust: 1.0
vendor:	アドバンテック株式会社	model:	spectre rt ert351	scope:	lte	version:	spectre rt ert351 firmware 5.1.3 and earlier	Trust: 0.8
vendor:	アドバンテック株式会社	model:	spectre rt ert351	scope:	eq	version:	-	Trust: 0.8
vendor:	アドバンテック株式会社	model:	spectre rt ert351	scope:	-	version:	-	Trust: 0.8
vendor:	advantech	model:	spectre rt ert351	scope:	lte	version:	<=5.1.3	Trust: 0.6

sources: CNVD: CNVD-2021-28791 // JVNDB: JVNDB-2019-016220 // NVD: CVE-2019-18235

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-18235
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-18235
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-28791
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202102-1543
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2019-18235
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-18235
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-28791
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-18235
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-18235
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-28791 // VULMON: CVE-2019-18235 // JVNDB: JVNDB-2019-016220 // CNNVD: CNNVD-202102-1543 // NVD: CVE-2019-18235

PROBLEMTYPE DATA

problemtype:	CWE-307	Trust: 1.0
problemtype:	Inappropriate restriction of excessive authentication attempts (CWE-307) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-016220 // NVD: CVE-2019-18235

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1543

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-1543

PATCH

title:	SA-2021-01-01	url:	https://icr.advantech.cz/support/router-models/download/511/sa-2021-01-fw-5.1.3-and-older-en.pdf	Trust: 0.8
title:	Patch for Advantech Spectre RT ERT351 brute force cracking vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/258961	Trust: 0.6
title:	Advantech Spectre RT Industrial Routers Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142893	Trust: 0.6

sources: CNVD: CNVD-2021-28791 // JVNDB: JVNDB-2019-016220 // CNNVD: CNNVD-202102-1543

EXTERNAL IDS

db:	NVD	id:	CVE-2019-18235	Trust: 3.1
db:	ICS CERT	id:	ICSA-21-054-03	Trust: 3.1
db:	JVN	id:	JVNVU98128183	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-016220	Trust: 0.8
db:	CNVD	id:	CNVD-2021-28791	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0680	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-1543	Trust: 0.6
db:	VULMON	id:	CVE-2019-18235	Trust: 0.1

sources: CNVD: CNVD-2021-28791 // VULMON: CVE-2019-18235 // JVNDB: JVNDB-2019-016220 // CNNVD: CNNVD-202102-1543 // NVD: CVE-2019-18235

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-054-03	Trust: 3.7
url:	https://ep.advantech-bb.cz/support/router-models/download/511/sa-2021-01-fw-5.1.3-and-older-en.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18235	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu98128183/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.0680	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/307.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/197343	Trust: 0.1

sources: CNVD: CNVD-2021-28791 // VULMON: CVE-2019-18235 // JVNDB: JVNDB-2019-016220 // CNNVD: CNNVD-202102-1543 // NVD: CVE-2019-18235

SOURCES

db:	CNVD	id:	CNVD-2021-28791
db:	VULMON	id:	CVE-2019-18235
db:	JVNDB	id:	JVNDB-2019-016220
db:	CNNVD	id:	CNNVD-202102-1543
db:	NVD	id:	CVE-2019-18235

LAST UPDATE DATE

2024-08-14T12:58:20.331000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-28791	date:	2021-04-16T00:00:00
db:	VULMON	id:	CVE-2019-18235	date:	2021-03-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-016220	date:	2021-11-24T07:40:00
db:	CNNVD	id:	CNNVD-202102-1543	date:	2021-03-24T00:00:00
db:	NVD	id:	CVE-2019-18235	date:	2021-03-23T19:15:49.453

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-28791	date:	2021-04-16T00:00:00
db:	VULMON	id:	CVE-2019-18235	date:	2021-03-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-016220	date:	2021-11-24T00:00:00
db:	CNNVD	id:	CNNVD-202102-1543	date:	2021-02-23T00:00:00
db:	NVD	id:	CVE-2019-18235	date:	2021-03-17T19:15:11.960