CVE-2019-9483

Опубликовано: 01 мар. 2019

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door.

Ссылки

https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/
Third Party Advisory
https://www.theverge.com/2019/2/27/18243296/ring-doorbell-hacked-fake-images-security-experts
Third Party Advisory
https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/
Third Party Advisory
https://www.theverge.com/2019/2/27/18243296/ring-doorbell-hacked-fake-images-security-experts
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:amazon:ring_video_doorbell_firmware:*:*:*:*:*:*:*:*

Версия до 3.4.7 (исключая)

cpe:2.3:h:amazon:ring_video_doorbell:-:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00077

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-327

Связанные уязвимости

GHSA-grcc-x5cc-59x5