CVE-2019-13953

{"id": "CVE-2019-13953", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-09-06T16:15:10.987", "references": [{"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2019-23494", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2019-23494", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to trigger this vulnerability, resulting in sensitive data leakage (e.g., personal photos). An attacker can also control the camera to record or take a picture after bypassing authentication."}, {"lang": "es", "value": "Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n explotable en el m\u00f3dulo de autenticaci\u00f3n Bluetooth Low Energy (BLE) de YI M1 Mirrorless Camera versi\u00f3n V3.2-cn. Un atacante puede enviar un conjunto de comandos de BLE para activar esta vulnerabilidad, resultando en una fuga de datos confidenciales (por ejemplo, fotos personales). Un atacante tambi\u00e9n puede controlar la c\u00e1mara para grabar o tomar una foto despu\u00e9s de omitir la autenticaci\u00f3n."}], "lastModified": "2024-11-21T04:25:46.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xiaoyi:yi_m1_mirrorless_camera_firmware:3.2-cn:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AE87E47-2C6D-4ED8-B224-FB9A39DEDD16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:xiaoyi:yi_m1_mirrorless_camera:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8F93AC29-B169-4335-AD1E-84F80F8FE639"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}