Login Sign Up

CVE-2019-6005

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

This vulnerability allows remote attackers to bypass access restrictions on Smart TV Box devices via Android Debug Bridge (ADB) port 5555/TCP. Attackers can perform arbitrary operations without user consent, including installing malicious software or changing device settings. This affects Smart TV Box devices running firmware versions prior to 1300.

💻 Affected Systems

Products:
  • Smart TV Box devices (various manufacturers)
Versions: All firmware versions prior to 1300
Operating Systems: Android-based TV firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with ADB debugging enabled and port 5555 exposed are vulnerable. Many Smart TV Boxes ship with these settings enabled by default.

📦 What is this software?

Smart Tv Box Firmware by Kddi

View all CVEs affecting Smart Tv Box Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing installation of persistent malware, data theft, device bricking, or use as part of a botnet.

🟠

Likely Case

Unauthorized software installation leading to adware, cryptocurrency miners, or surveillance tools being deployed on devices.

🟢

If Mitigated

Limited impact if network segmentation and firewall rules prevent external access to port 5555.

🌐 Internet-Facing: HIGH - Port 5555/TCP is exposed by default, allowing direct remote exploitation without authentication.
🏢 Internal Only: MEDIUM - Requires attacker to be on the same network segment, but exploitation remains trivial.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only network access to port 5555 and standard ADB commands. No authentication or user interaction needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 1300 or later

Vendor Advisory: http://jvn.jp/en/jp/JVN17127920/index.html

Restart Required: Yes

Instructions:

1. Check current firmware version. 2. Download firmware update 1300+ from manufacturer. 3. Apply update via device settings or USB. 4. Reboot device. 5. Verify ADB debugging is disabled.

🔧 Temporary Workarounds

Disable ADB Debugging

all

Turn off Android Debug Bridge functionality to prevent remote access

Navigate to Settings > Developer Options > USB Debugging (set to OFF)
Settings > Developer Options > Network ADB (set to OFF)

Firewall Port Blocking

linux

Block port 5555/TCP at network perimeter and device firewall

iptables -A INPUT -p tcp --dport 5555 -j DROP
ufw deny 5555/tcp

🧯 If You Can't Patch

  • Segment Smart TV Boxes on isolated network VLAN without internet access
  • Implement strict firewall rules blocking all traffic to port 5555 from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check if port 5555 is open: 'nmap -p 5555 <device_ip>' or 'telnet <device_ip> 5555'. If connection succeeds, device is vulnerable.

Check Version:

Check in Settings > About > Build Number or Settings > System > About

Verify Fix Applied:

Verify firmware version is 1300+ in device settings and port 5555 is no longer accessible.

📡 Detection & Monitoring

Log Indicators:

  • ADB connection attempts in system logs
  • Unauthorized package installations
  • Unexpected device configuration changes

Network Indicators:

  • Outbound connections from port 5555
  • ADB protocol traffic on port 5555
  • Unexpected network scans targeting port 5555

SIEM Query:

source_port=5555 OR dest_port=5555 OR protocol="adb" OR event_description="Android Debug Bridge"

📊 Metadata

CVE ID: CVE-2019-6005
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: September 12, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON