CVE-2019-13412 - OpenCVE

A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hinet	Gpon Gpon Firmware

Configuration 1 [-]

AND

cpe:2.3:h:hinet:gpon:-:*:*:*:*:*:*:*

cpe:2.3:o:hinet:gpon_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://tvn.twcert.org.tw/taiwanvn/TVN-201908006
https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2019-10-17T19:21:13.687917Z

Updated: 2024-09-16T21:02:20.317Z

Reserved: 2019-07-08T00:00:00

Link: CVE-2019-13412

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-10-17T20:15:12.147

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-13412

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "GPON", "vendor": "HiNET", "versions": [{"status": "affected", "version": "firmware < I040GWR190731"}]}], "credits": [{"lang": "en", "value": "DEVCORE"}], "datePublic": "2019-10-16T00:00:00", "descriptions": [{"lang": "en", "value": "A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "read arbitrary files", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-17T19:21:13", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"}], "source": {"discovery": "UNKNOWN"}, "title": "A vulnerability was discovered in HiNet GPON firmware < I040GWR190731 that allows an attacker to read arbitrary files", "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2019-10-16T16:00:00.000Z", "ID": "CVE-2019-13412", "STATE": "PUBLIC", "TITLE": "A vulnerability was discovered in HiNet GPON firmware < I040GWR190731 that allows an attacker to read arbitrary files"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GPON", "version": {"version_data": [{"version_value": "firmware < I040GWR190731"}]}}]}, "vendor_name": "HiNET"}]}}, "credit": [{"lang": "eng", "value": "DEVCORE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."}]}, "generator": {"engine": "Vulnogram 0.0.8"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "read arbitrary files"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html", "refsource": "CONFIRM", "url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"}, {"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006", "refsource": "CONFIRM", "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:49:24.995Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2019-13412", "datePublished": "2019-10-17T19:21:13.687917Z", "dateReserved": "2019-07-08T00:00:00", "dateUpdated": "2024-09-16T21:02:20.317Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:hinet:gpon:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD234D56-560E-431C-82EB-7F5FF55860C7", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:hinet:gpon_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB191021-042D-4378-943F-057C01450A15", "versionEndExcluding": "i040gwr190731", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."}, {"lang": "es", "value": "Un servicio alojado en el puerto 3097 en HiNet GPON versiones de firmware anteriores a I040GWR190731, permite a un atacante ejecutar un comando espec\u00edfico para leer archivos arbitrarios. CVSS 3.0 Puntaje Base 9.3. Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."}], "id": "CVE-2019-13412", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2019-10-17T20:15:12.147", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}