Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2019-19194

Published: 12/02/2020 Updated: 24/08/2020
CVSS v2 Base Score: 5.8 | Impact Score: 6.4 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Tlsr8258 Ble Sdk

Vulnerability Summary

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x up to and including 3.4.0, TLSR823x up to and including 1.3.0, and TLSR826x up to and including 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

telink-semi tlsr8258_ble_sdk

telink-semi tlsr8269_ble_sdk

telink-semi tlsr8253_ble_sdk

telink-semi tlsr8251_ble_sdk

telink-semi tlsr8232_ble_sdk

Github Repositories

https://github.com/louisabricot/writeup-cve-2019-19194

A writeup and theoretical Proof-of-Concept for CVE-2019-19194

Writeup CVE-2019-19194 This is a writeup and theoretical Proof-of-Concept of CVE-2019-19194 ⚠️ This CVE was found by asset-groupgithubio/disclosures/sweyntooth/ Table of Content Summary Vulnerable software and version Overview Protocol Stack and Architecture Pairing Procedure Proof of Concept References Summary This report describes how the Zero L

References

NVD-CWE-noinfohttp://www.telink-semi.com/blehttps://asset-group.github.io/disclosures/sweyntooth/https://nvd.nist.govhttps://github.com/louisabricot/writeup-cve-2019-19194
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook