Vulnerability Description
Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Ring Video Doorbell Firmware | < 3.4.7 |
| Amazon | Ring Video Doorbell | - |
Related Weaknesses (CWE)
References
- https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/Third Party Advisory
- https://www.theverge.com/2019/2/27/18243296/ring-doorbell-hacked-fake-images-secThird Party Advisory
- https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/Third Party Advisory
- https://www.theverge.com/2019/2/27/18243296/ring-doorbell-hacked-fake-images-secThird Party Advisory
FAQ
What is CVE-2019-9483?
CVE-2019-9483 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door.
How severe is CVE-2019-9483?
CVE-2019-9483 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-9483?
Check the references section above for vendor advisories and patch information. Affected products include: Amazon Ring Video Doorbell Firmware, Amazon Ring Video Doorbell.