{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-13474", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T23:57:37.858Z", "dateReserved": "2019-07-09T00:00:00.000Z", "datePublished": "2019-09-16T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-05T16:06:25.252Z"}, "descriptions": [{"lang": "en", "value": "TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.vulnerability-lab.com/get_content.php?id=2183"}, {"url": "http://seclists.org/fulldisclosure/2019/Sep/12"}, {"name": "20230904 Vulnerabilities in Internet Radio auna IR-160 SE (UIProto)", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Sep/1"}, {"url": "http://packetstormsecurity.com/files/174503/Internet-Radio-auna-IR-160-SE-UIProto-DoS-XSS-Missing-Authentication.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:57:37.858Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vulnerability-lab.com/get_content.php?id=2183", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2019/Sep/12", "tags": ["x_transferred"]}, {"name": "20230904 Vulnerabilities in Internet Radio auna IR-160 SE (UIProto)", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Sep/1"}, {"url": "http://packetstormsecurity.com/files/174503/Internet-Radio-auna-IR-160-SE-UIProto-DoS-XSS-Missing-Authentication.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telestar:bobs_rock_radio_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E17F5D40-3E6A-4C0B-8F28-5D96F45FE273", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telestar:bobs_rock_radio:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF18181F-B99B-483C-B779-38C2C84179D0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telestar:dabman_d10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "68DFF28E-E5AA-4047-AF18-A80A15EC6CEB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telestar:dabman_d10:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF3FE4C9-6A4D-4919-9843-CCC1CB26D67A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telestar:dabman_i30_stereo_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "254CA4AF-3CC3-4CDA-AAF5-88835F6B6BFC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telestar:dabman_i30_stereo:-:*:*:*:*:*:*:*", "matchCriteriaId": "65031EB4-579B-4E6D-9066-27756D021F4E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telestar:imperial_i110_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89245799-021A-4D8B-8539-B705BDB39E9B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telestar:imperial_i110:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC789F3B-1D46-4646-A798-8ABF326E772E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telestar:imperial_i150_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2626170-1D7F-4B16-B6D9-D3015E2444E0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telestar:imperial_i150:-:*:*:*:*:*:*:*", "matchCriteriaId": "478E93CC-8681-4307-ABBD-1C036FBC61A4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telestar:imperial_i200_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D91ADE9C-14DF-44F8-8310-6657482C365D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telestar:imperial_i200:-:*:*:*:*:*:*:*", "matchCriteriaId": "E20E36FC-CD25-4E84-BB9E-E3225C26252A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telestar:imperial_i200-cd_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8B9F1D2-9A67-43E3-B0F2-ED657E3444F7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telestar:imperial_i200-cd:-:*:*:*:*:*:*:*", "matchCriteriaId": "3584EFD9-E2F5-4DD2-8CB0-F4F70A095B2B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telestar:imperial_i400_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "77C4CBB3-EE19-41FC-BD5C-22B5828D7BE4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telestar:imperial_i400:-:*:*:*:*:*:*:*", "matchCriteriaId": "F084C2EF-EDB5-444E-B41C-3D09C844C99D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telestar:imperial_i450_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "70788B50-9E5E-4246-A79D-67C0F3BFEF2D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telestar:imperial_i450:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BE2E73A-6C2A-4EE1-ADB3-B91A86BE1138", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telestar:imperial_i500-bt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "30B6A1C7-E1AB-4B3C-A074-978F147F9A2B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telestar:imperial_i500-bt:-:*:*:*:*:*:*:*", "matchCriteriaId": "B854016E-329B-470C-B0AA-6C45109EA81A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telestar:imperial_i600_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "414960F2-B667-4949-9534-15C0D71D77DE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telestar:imperial_i600:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E80EDE7-635A-41A9-93FD-17C3D773C3DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands."}, {"lang": "es", "value": "Los dispositivos TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt y Imperial i600 TN81HH96-g102h-g102, poseen un control de acceso insuficiente para los comandos /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, y /playinfo."}], "id": "CVE-2019-13474", "lastModified": "2024-11-21T04:24:58.503", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-16T12:15:10.847", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/174503/Internet-Radio-auna-IR-160-SE-UIProto-DoS-XSS-Missing-Authentication.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Sep/12"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2023/Sep/1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.vulnerability-lab.com/get_content.php?id=2183"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/174503/Internet-Radio-auna-IR-160-SE-UIProto-DoS-XSS-Missing-Authentication.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Sep/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2023/Sep/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.vulnerability-lab.com/get_content.php?id=2183"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}