CVE-2019-15911

CRITICAL

ASUS HG100/MW100/WS-101/TS-101/AS-101/MS-101/DL-101 Firmware - Cleartext Sensitive Info via ZigBee PRO

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15911. PoCs published by chengcheng227.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2019-15911, focusing on insecure key transport in ZigBee communication affecting ASUS smart home devices. It includes attack demonstrations, key sniffing techniques, message tampering, and denial-of-service methods.

Description

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and tamper with messages.

Exploits (1)

github WRITEUP 9 stars
by chengcheng227 · poc
https://github.com/chengcheng227/CVE-POC/tree/master/CVE-2019-15911.md

This repository provides a detailed technical analysis of CVE-2019-15911, focusing on insecure key transport in ZigBee communication affecting ASUS smart home devices. It includes attack demonstrations, key sniffing techniques, message tampering, and denial-of-service methods.

Classification
Writeup 95%
Attack Type
Info Leak | Dos
Complexity
Moderate
Reliability
Reliable
Target: ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101
No auth needed
Prerequisites: ZigBee PRO network access · Default trust center link key · KillerBee/Wireshark for packet analysis
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0084
EPSS Percentile 53.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-319
Status published
Products (7)
asus/as-101_firmware
asus/dl-101_firmware
asus/hg100_firmware
asus/ms-101_firmware
asus/mw100_firmware
asus/ts-101_firmware
asus/ws-101_firmware
Published Dec 20, 2019
Tracked Since Feb 18, 2026