Privilege Escalation Vulnerability in AVTECH Room Alert 3E Devices
CVE-2019-13379

8.8HIGH

Key Information:

Vendor: Avtech
Status: Room Alert 3e Firmware
Vendor: CVE Published:; 7 July 2019

What is CVE-2019-13379?

AVTECH Room Alert 3E devices prior to version 2.2.5 are susceptible to a vulnerability that allows an unauthenticated user to escalate their privileges to that of an administrator. This can be accomplished by accessing the device's web interface and executing a reset command using the default credentials, thus gaining unauthorized access to sensitive administrative functionalities. It is crucial for users to update their devices to mitigate this security risk.

References

https://jordonlovik.wordpress.com/2019/07/06/roomalert-by...

x_refsource_MISC

https://www.youtube.com/watch?v=X1PY7kMFkVg

x_refsource_MISC

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-201...

x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 7, 2019
Vulnerability Reserved
Jul 7, 2019

Avtech

What is CVE-2019-13379?

References

EPSS Score

CVSS V3.1

Timeline