Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.1
CVSSv3

CVE-2019-15304

Published: 26/08/2019 Updated: 24/09/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Wifi Grilling Thermometer Firmware

Vulnerability Summary

Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an malicious user to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermometer app requests and requires excessive permissions to operate such as Fine GPS location, camera, applists, Serial number, IMEI. In addition to the "backdoor" login access for "admin" purposes, this accompanying app also establishes connections with several china based URLs to include Alibaba cloud computing. NOTE: this device also ships with ProGrade branding.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

progradegrill wifi_grilling_thermometer_firmware 1.00_50006

Exploits

Exploit DB: ProGrade/Lierda Grill Temperature 1.00_50006 Hardcoded Credentials
ProGrade/Lierda Grill Temperature version 100_50006 suffers from having hard-coded credentials that allow for denial of service and information disclosure attacks ...

Mailing Lists

Full Disclosure: Hard-coded credentials on ProGrade/Lierda Grill Temperature Monitor [CVE-2019-15304]
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Hard-coded credentials on ProGrade/Lierda Grill Temperature Monitor [CVE-2019-15304] <!--X-Subject-Header-End--> <!--X ...

References

CWE-1188http://progradegrill.com/wifi-grilling-thermometer/http://seclists.org/fulldisclosure/2019/Aug/24http://packetstormsecurity.com/files/154221/ProGrade-Lierda-Grill-Temperature-1.00_50006-Hardcoded-Credentials.htmlhttps://www.joesandbox.com/analysis/287596/0/htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/154221/ProGrade-Lierda-Grill-Temperature-1.00_50006-Hardcoded-Credentials.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook