MidnightBSD

Advisories for telestar

CVE-2019-13473 HIGH

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
telestar dabman_d10_firmware -
telestar imperial_i450_firmware -
telestar imperial_i600_firmware -
telestar imperial_i150_firmware -
auna connect_100_firmware -
telestar imperial_i110_firmware -
telestar imperial_i400_firmware -
telestar imperial_i200_firmware -
telestar imperial_i200-cd_firmware -
telestar imperial_i500-bt_firmware -
telestar dabman_i30_stereo_firmware -
telestar bobs_rock_radio_firmware -
CVE-2019-13474 HIGH

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
telestar dabman_d10_firmware -
telestar imperial_i400_firmware -
telestar imperial_i450_firmware -
telestar imperial_i600_firmware -
telestar imperial_i200_firmware -
telestar imperial_i150_firmware -
telestar imperial_i200-cd_firmware -
telestar imperial_i500-bt_firmware -
telestar imperial_i110_firmware -
telestar dabman_i30_stereo_firmware -
telestar bobs_rock_radio_firmware -