CVE-2019-13379 - Exposure of Resource to Wrong Sphere vulnerability in Avtech Room Alert 3E Firmware

CVSS 9.0 - CRITICAL

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Tags: network, low complexity, avtech, CWE-668, critical

Summary

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.

Vulnerable Configurations

Part        Description    Count
OS          Avtech         1
Hardware    Avtech         1

Common Weakness Enumeration (CWE)