Vulnerability Description
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avtech | Room Alert 3E Firmware | < 2.2.5 |
| Avtech | Room Alert 3E | - |
Related Weaknesses (CWE)
References
- https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerExploitThird Party Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- https://www.youtube.com/watch?v=X1PY7kMFkVgExploitThird Party Advisory
- https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerExploitThird Party Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- https://www.youtube.com/watch?v=X1PY7kMFkVgExploitThird Party Advisory
FAQ
What is CVE-2019-13379?
CVE-2019-13379 is a vulnerability with a CVSS score of 8.8 (HIGH). On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action...
How severe is CVE-2019-13379?
CVE-2019-13379 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13379?
Check the references section above for vendor advisories and patch information. Affected products include: Avtech Room Alert 3E Firmware, Avtech Room Alert 3E.