NVD Vulnerability Detail

CVE-2019-15653

Summary	Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real value, i.e., md5(md5(value)).
Publication Date	March 20, 2020, 3:15 a.m.
Registration Date	Jan. 26, 2021, 11:39 a.m.
Last Update	Nov. 21, 2024, 1:29 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://www.comba-telecom.com/en/news	Vendor Advisory
2	https://www.comba-telecom.com/en/news	Vendor Advisory
3	https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164	Exploit Third Party Advisory
4	https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164	Exploit Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-311	重要なデータの暗号化の欠如	https://cwe.mitre.org/data/definitions/311.html
2	CWE-522	認証情報の不十分な保護	https://cwe.mitre.org/data/definitions/522.html
3	CWE-327	不完全、または危険な暗号アルゴリズムの使用	https://cwe.mitre.org/data/definitions/327.html

JVN Vulnerability Information

Comba AP2600-I デバイスにおける認証情報の不十分な保護に関する脆弱性

Title	Comba AP2600-I デバイスにおける認証情報の不十分な保護に関する脆弱性
Summary	Comba AP2600-I デバイスには、認証情報の不十分な保護に関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 10, 2019, midnight
Registration Date	April 7, 2020, 8:50 a.m.
Last Update	April 7, 2020, 8:50 a.m.

Affected System

Comba

AP2600-I - A02 - 0202N00PD2 ファームウェア

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2019-15653	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15653
National Vulnerability Database (NVD)
2	CVE-2019-15653	https://nvd.nist.gov/vuln/detail/CVE-2019-15653

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-522	https://cwe.mitre.org/data/definitions/522.html

ベンダー情報

No	Name	URL
Comba
1	PRESS ROOM	https://www.comba-telecom.com/en/news

その他

No	Name	URL
関連文書
1	Trustwave SpiderLabs Security Advisory TWSL2019-007:	https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26164

Change Log

No	Changed Details	Date of change
1	[2020年04月07日] 掲載	April 7, 2020, 8:50 a.m.