Insecure Key Transport in ASUS Devices Using ZigBee PRO Protocol
CVE-2019-15911

9.8CRITICAL

Key Information:

Vendor: Asus
Status: Hg100 Firmware
Vendor: CVE Published:; 20 December 2019

Summary

A vulnerability affecting various ASUS devices using the ZigBee PRO protocol allows attackers to exploit insecure key transport methods. This can lead to sensitive data exposure, unauthorized access to smart home devices, message tampering, and potential denial of service attacks. Users of these devices should implement security measures to mitigate risks associated with this vulnerability.

References

https://github.com/chengcheng227/CVE-POC/blob/master/CVE-...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2019
Vulnerability Reserved
Sep 4, 2019