CVE-2019-6005 : Smart TV Box firmware version prior to 1300 allows remote attackers to bypass ac

Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP.

Published 2019-09-12 17:15:15

Updated 2020-08-24 17:37:01

Source JPCERT/CC

View at NVD, CVE.org

Products affected by CVE-2019-6005

Kddi » Smart Tv Box Firmware
Versions before (<) 1300
cpe:2.3:o:kddi:smart_tv_box_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Kddi » Smart Tv Box » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-6005

EPSS FAQ

0.48%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 63 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-6005

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2019-6005

http://jvn.jp/en/jp/JVN17127920/index.html

JVN#17127920: Smart TV Box fails to restrict access permissions
Third Party Advisory

Jump to

Vulnerability Details : CVE-2019-6005

Products affected by CVE-2019-6005

Exploit prediction scoring system (EPSS) score for CVE-2019-6005

CVSS scores for CVE-2019-6005

References for CVE-2019-6005