Vulnerabilities > CVE-2019-15067 - Unspecified vulnerability in Gigastone Smart Battery A2-25De Firmware 20131016

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

gigastone

critical

NVD

Published: 2019-09-25

Updated: 2020-08-24

Summary

An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page.

Vulnerable Configurations

Part	Description	Count
OS	Gigastone Gigastone Smart Battery A2 25De Firmware - Gigastone Smart Battery A2 25De Firmware 2013-10-16	2
Hardware	Gigastone Gigastone Smart Battery A2 25De -	1

References

https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=44
https://tvn.twcert.org.tw/taiwanvn/TVN-201908002