CVE-2019-13379
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/07/2019
Last modified:
17/06/2026
Description
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
9.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:avtech:room_alert_3e_firmware:*:*:*:*:*:*:*:* | 2.2.5 (excluding) | |
| cpe:2.3:h:avtech:room_alert_3e:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- https://www.youtube.com/watch?v=X1PY7kMFkVg
- https://jordonlovik.wordpress.com/2019/07/06/roomalert-by-avtech-critical-vulnerability-disclosure/
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- https://www.youtube.com/watch?v=X1PY7kMFkVg



