Vulnerabilities > CVE-2019-13379 - Exposure of Resource to Wrong Sphere vulnerability in Avtech Room Alert 3E Firmware

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

avtech

CWE-668

NVD

Published: 2019-07-07

Updated: 2020-08-24

Summary

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.

Vulnerable Configurations

Part	Description	Count
OS	Avtech Avtech Room Alert 3E Firmware *	1
Hardware	Avtech Avtech Room Alert 3E -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://www.youtube.com/watch?v=X1PY7kMFkVg
https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010