CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-11061

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile2.20th
Published2019年8月29日
Last Modified2024年11月21日

Vulnerability Description

A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Affected Platforms (CPE)

💻
Asus

Hg100 Firmware

< 4.00.09

References & Advisories

🔗 http://surl.twcert.org.tw/5df6x
🔗 https://github.com/tim124058/ASUS-SmartHome-Exploit/
🔗 https://tvn.twcert.org.tw/taiwanvn/TVN-201906003
🔗 http://surl.twcert.org.tw/5df6x
🔗 https://github.com/tim124058/ASUS-SmartHome-Exploit/
🔗 https://tvn.twcert.org.tw/taiwanvn/TVN-201906003

相關漏洞威脅

CVE-2018-114919.8

ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.

CVE-2019-110607.5

The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...