CVE-2019-11063 - OpenCVE

A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Asus	Smarthome

Configuration 1 [-]

OR	cpe:2.3:a:asus:smarthome::::::iphone_os::*
	cpe:2.3:a:asus:smarthome::::::android::*

No data.

References

Link	Providers
http://surl.twcert.org.tw/5LWQJ
https://github.com/tim124058/ASUS-SmartHome-Exploit/
https://tvn.twcert.org.tw/taiwanvn/TVN-201908014

History

No history.

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2019-08-29T00:19:09.478452Z

Updated: 2024-09-16T18:18:18.823Z

Reserved: 2019-04-09T00:00:00

Link: CVE-2019-11063

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-08-29T01:15:10.990

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-11063

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SmartHome Android app", "vendor": "ASUS", "versions": [{"status": "affected", "version": "up to 3.0.42_190515"}]}, {"product": "SmartHome ios app", "vendor": "ASUS", "versions": [{"status": "affected", "version": "up to 2.0.22"}]}], "credits": [{"lang": "en", "value": "timhuang"}], "datePublic": "2019-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Boken Access Control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-04T12:36:03", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908014"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://surl.twcert.org.tw/5LWQJ"}], "source": {"discovery": "EXTERNAL"}, "title": "SmartHome application has a broken access control vulnerability in its Web API Server", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2019-08-20T16:00:00.000Z", "ID": "CVE-2019-11063", "STATE": "PUBLIC", "TITLE": "SmartHome application has a broken access control vulnerability in its Web API Server"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SmartHome Android app", "version": {"version_data": [{"version_value": "up to 3.0.42_190515"}]}}, {"product_name": "SmartHome ios app", "version": {"version_data": [{"version_value": "up to 2.0.22"}]}}]}, "vendor_name": "ASUS"}]}}, "credit": [{"lang": "eng", "value": "timhuang"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Boken Access Control"}]}]}, "references": {"reference_data": [{"name": "https://github.com/tim124058/ASUS-SmartHome-Exploit/", "refsource": "CONFIRM", "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"}, {"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908014", "refsource": "CONFIRM", "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908014"}, {"name": "http://surl.twcert.org.tw/5LWQJ", "refsource": "CONFIRM", "url": "http://surl.twcert.org.tw/5LWQJ"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:40:16.212Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908014"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://surl.twcert.org.tw/5LWQJ"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2019-11063", "datePublished": "2019-08-29T00:19:09.478452Z", "dateReserved": "2019-04-09T00:00:00", "dateUpdated": "2024-09-16T18:18:18.823Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:asus:smarthome:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "3DE3FB52-3C29-461B-B7D4-8EF04D088DB2", "versionEndExcluding": "2.0.22", "vulnerable": true}, {"criteria": "cpe:2.3:a:asus:smarthome:*:*:*:*:*:android:*:*", "matchCriteriaId": "8B2A70D9-9661-49CD-BCFA-751709C8D9DA", "versionEndExcluding": "3.0.42_190515", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso interrumpida en la aplicaci\u00f3n SmartHome (versiones de Android hasta 3.0.42_190515, versiones de iOS hasta 2.0.22) permite a un atacante dentro de la misma red de \u00e1rea local enumerar cuentas de usuario y controlar dispositivos IoT que conectan con su puerta de enlace (HG100) por medio de http://[target]/smarthome/devicecontrol sin ninguna autenticaci\u00f3n. CVSS 3.0 Puntuaci\u00f3n Base 10 (Impactos de Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}], "id": "CVE-2019-11063", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2019-08-29T01:15:10.990", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "http://surl.twcert.org.tw/5LWQJ"}, {"source": "twcert@cert.org.tw", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/tim124058/ASUS-SmartHome-Exploit/"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908014"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}