CVE-2019-15067 Information

Description

An authentication bypass vulnerability discovered in Smart Battery A2-25DE a multifunctional portable charger firmware version ?= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://tvn.twcert.org.tw/taiwanvn/TVN-201908002 https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=44

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8