{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T10:49:01.403","vulnerabilities":[{"cve":{"id":"CVE-2019-11061","sourceIdentifier":"twcert@cert.org.tw","published":"2019-08-29T01:15:10.930","lastModified":"2024-11-21T04:20:27.743","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."},{"lang":"es","value":"Una vulnerabilidad de control de acceso interrumpida en las versiones de firmware HG100 hasta 4.00.06 permite que un atacante en la misma red de área local controle dispositivos IoT que se conectan a sí mismos mediante http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 Puntuación Base 10 (Impactos de Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}],"metrics":{"cvssMetricV30":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:P/A:N","baseScore":4.8,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.5,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:asus:hg100_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.00.09","matchCriteriaId":"5B3A41D7-B16C-4FA5-89A3-BF761FEF8444"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:asus:hg100:-:*:*:*:*:*:*:*","matchCriteriaId":"DFEFB004-6477-408B-A114-8ABCA8AC8D19"}]}]}],"references":[{"url":"http://surl.twcert.org.tw/5df6x","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://github.com/tim124058/ASUS-SmartHome-Exploit/","source":"twcert@cert.org.tw","tags":["Exploit","Third Party Advisory"]},{"url":"https://tvn.twcert.org.tw/taiwanvn/TVN-201906003","source":"twcert@cert.org.tw","tags":["Exploit","Third Party Advisory"]},{"url":"http://surl.twcert.org.tw/5df6x","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/tim124058/ASUS-SmartHome-Exploit/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://tvn.twcert.org.tw/taiwanvn/TVN-201906003","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}