Main Vulnerability Database Vulnerabilities #VU24144

#VU24144 Cleartext transmission of sensitive information in Asus products - CVE-2019-15911

Published: January 8, 2020

Vulnerability identifier: #VU24144

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2019-15911

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ASUS HG100
ASUS MW100
ASUS WS-101
ASUS TS-101
ASUS AS-101
ASUS MS-101
ASUS DL-101

Software vendor:
Asus

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in devices using ZigBee PRO due to insecure key transport in ZigBee communication. A remote attacker with ability to intercept network traffic can obtain sensitive information, cause the multiple denial of service (DoS) attacks, take over smart home devices and tamper with messages.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://github.com/chengcheng227/CVE-POC/blob/master/CVE-2019-15911.md

#VU24144 Cleartext transmission of sensitive information in Asus products - CVE-2019-15911

Description

Remediation

External links

Please verify you're human