Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2019-12941

Published: 14/10/2019 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Wi-fi\/nb Firmware

Vulnerability Summary

AutoPi Wi-Fi/NB and 4G/LTE devices prior to 2019-10-15 allows an malicious user to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output (input is only 8 characters), which allows an malicious user to deduce the WiFi password from the WiFi SSID.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

autopi wi-fi\\/nb_firmware

autopi 4g\\/lte_firmware

Github Repositories

https://github.com/jmatss/thesis-cuda

PoC for vulnerability found on the Autopi dongle (GPU version)

IoT Penetration Testing: Security analysis of a car dongle Proof of concept for hack on AutoPi found during bachelor thesis (link, CVE-2019-12941) Vulnerability The Raspberry Pi which the AutoPi is built upon, has a unique 8 character hex serial number This number is md5 hashed into a 32 character hex string, also known as the “dongle id“, “unit id” or

https://github.com/jmatss/thesis-rust

PoC for vulnerability found on the Autopi dongle (wordlist version)

IoT Penetration Testing: Security analysis of a car dongle Proof of concept for hack on AutoPi found during bachelor thesis (link, CVE-2019-12941) Vulnerability The Raspberry Pi which the AutoPi is built upon, has a unique 8 character hex serial number This number is md5 hashed into a 32 character hex string, also known as the “dongle id“, “unit id” or

https://github.com/jmatss/thesis-java

PoC for vulnerability found on the Autopi dongle (wordlist version)

IoT Penetration Testing: Security analysis of a car dongle Proof of concept for hack on AutoPi found during bachelor thesis (link, CVE-2019-12941) Vulnerability The Raspberry Pi which the AutoPi is built upon, has a unique 8 character hex serial number This number is md5 hashed into a 32 character hex string, also known as the “dongle id“, “unit id” or

https://github.com/jmatss/thesis-go

PoC for vulnerability found on the Autopi dongle (wordlist version rewritten in Go)

IoT Penetration Testing: Security analysis of a car dongle Proof of concept for hack on AutoPi found during bachelor thesis (link, CVE-2019-12941) Vulnerability The Raspberry Pi which the AutoPi is built upon, has a unique 8 character hex serial number This number is md5 hashed into a 32 character hex string, also known as the “dongle id“, “unit id” or

References

CWE-307https://www.kth.se/nse/research/software-systems-architecture-and-security/http://www.diva-portal.org/smash/get/diva2:1334244/FULLTEXT01.pdfhttps://www.kth.se/polopoly_fs/1.931922.1571071632%21/Burdzovic_Matsson_dongle_v2.pdfhttps://nvd.nist.govhttps://github.com/jmatss/thesis-cuda
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2024-34413CVE-2024-34089CVE-2024-33408localSQLCVE-2024-0402CVE-2024-33910CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook