CVE-2019-11848 MEDIUM

CVE-2019-11848: ALEOS AT Command API Abuse

Vendor N/A
Product n/a
Published August 21, 2020
Last update September 17, 2024

CVSS base score

4.1/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.

Key dates

02Disclosure timeline

August 21, 2020 CVE published
September 17, 2024 Record updated