CVE-2019-13474

Published Sep 16, 2019

Last updated a year ago

CVSS critical 9.8

Overview

Description: TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-798

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:telestar:bobs_rock_radio:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF18181F-B99B-483C-B779-38C2C84179D0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:telestar:bobs_rock_radio_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E17F5D40-3E6A-4C0B-8F28-5D96F45FE273"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:telestar:dabman_d10:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AF3FE4C9-6A4D-4919-9843-CCC1CB26D67A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:telestar:dabman_d10_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68DFF28E-E5AA-4047-AF18-A80A15EC6CEB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:telestar:dabman_i30_stereo:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "65031EB4-579B-4E6D-9066-27756D021F4E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:telestar:dabman_i30_stereo_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "254CA4AF-3CC3-4CDA-AAF5-88835F6B6BFC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:telestar:imperial_i110:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FC789F3B-1D46-4646-A798-8ABF326E772E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:telestar:imperial_i110_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89245799-021A-4D8B-8539-B705BDB39E9B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:telestar:imperial_i150:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "478E93CC-8681-4307-ABBD-1C036FBC61A4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:telestar:imperial_i150_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2626170-1D7F-4B16-B6D9-D3015E2444E0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:telestar:imperial_i200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E20E36FC-CD25-4E84-BB9E-E3225C26252A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:telestar:imperial_i200_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D91ADE9C-14DF-44F8-8310-6657482C365D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:telestar:imperial_i200-cd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3584EFD9-E2F5-4DD2-8CB0-F4F70A095B2B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:telestar:imperial_i200-cd_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8B9F1D2-9A67-43E3-B0F2-ED657E3444F7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:telestar:imperial_i400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F084C2EF-EDB5-444E-B41C-3D09C844C99D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:telestar:imperial_i400_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77C4CBB3-EE19-41FC-BD5C-22B5828D7BE4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:telestar:imperial_i450_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70788B50-9E5E-4246-A79D-67C0F3BFEF2D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:telestar:imperial_i450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7BE2E73A-6C2A-4EE1-ADB3-B91A86BE1138"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:telestar:imperial_i500-bt_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30B6A1C7-E1AB-4B3C-A074-978F147F9A2B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:telestar:imperial_i500-bt:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B854016E-329B-470C-B0AA-6C45109EA81A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:telestar:imperial_i600_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "414960F2-B667-4949-9534-15C0D71D77DE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:telestar:imperial_i600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2E80EDE7-635A-41A9-93FD-17C3D773C3DA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References