CVE-2019-18263

Description

An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption scheme that is not strong enough for the level of protection required.

References

Link	Tags
https://www.us-cert.gov/ics/advisories/icsma-19-353-01	third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2019-18263?: CVE-2019-18263 has been scored as a medium severity vulnerability.
How to fix CVE-2019-18263?: To fix CVE-2019-18263, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-18263 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2019-18263 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-18263?: CVE-2019-18263 affects n/a Philips Veradius Unity, Pulsera, and Endura Dual WAN Router.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-326 – Inadequate Encryption Strength

References

Frequently Asked Questions