CVE-2019-13474
high-risk
Published 2019-09-16
TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.
Do I need to act?
~
1.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (11)
Bobs Rock Radio Firmware
Dabman D10 Firmware
Dabman I30 Stereo Firmware
Imperial I110 Firmware
Imperial I150 Firmware
Imperial I200 Firmware
Imperial I200-Cd Firmware
Imperial I400 Firmware
Imperial I450 Firmware
Imperial I500-Bt Firmware
Imperial I600 Firmware
Affected Vendors
References (8)
Mailing List
http://seclists.org/fulldisclosure/2019/Sep/12
Mailing List
http://seclists.org/fulldisclosure/2019/Sep/12
52
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
4/34 · Minimal
Exposure
16/34 · Moderate