Vulnerabilities > CVE-2019-13379 - Exposure of Resource to Wrong Sphere vulnerability in Avtech Room Alert 3E Firmware
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
Common Weakness Enumeration (CWE)
References
- https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/
- https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- https://www.youtube.com/watch?v=X1PY7kMFkVg
- https://www.youtube.com/watch?v=X1PY7kMFkVg