CVE-2019-13379

high

Description

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.

References

https://www.youtube.com/watch?v=X1PY7kMFkVg

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010

https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/

Details

Source: Mitre, NVD

Published: 2019-07-07

Updated: 2020-08-24

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.08813