7.5

CVE-2019-19822

Exploit

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Data provided by the National Vulnerability Database (NVD)
Totolink A3002ru Firmware Version <= 2.0.0
   Totolink A3002ru Version -
Totolink A702r Firmware Version <= 2.1.3
   Totolink A702r Version -
Totolink N302r Firmware Version <= 3.4.0
   Totolink N302r Version -
Totolink N300rt Firmware Version <= 3.4.0
   Totolink N300rt Version -
Totolink N200re Firmware Version <= 4.0.0
   Totolink N200re Version -
Totolink N150rt Firmware Version <= 3.4.0
   Totolink N150rt Version -
Totolink N100re Firmware Version <= 3.4.0
   Totolink N100re Version -
Realtek Rtk 11n Ap Firmware Version <= 2019-12-12
   Realtek Rtk 11n Ap Version -
Sapido Gr297n Firmware Version <= 2019-12-12
   Sapido Gr297n Version -
Ciktel Mesh Router Firmware Version <= 2019-12-12
   Ciktel Mesh Router Version -
Kctvjeju Wireless Ap Firmware Version <= 2019-12-12
   Kctvjeju Wireless Ap Version -
Fg-products Fgn-r2 Firmware Version <= 2019-12-12
   Fg-products Fgn-r2 Version -
Hiwifi Max-c300n Firmware Version <= 2019-12-12
   Hiwifi Max-c300n Version -
Tbroad Gn-866ac Firmware Version <= 2019-12-12
   Tbroad Gn-866ac Version -
Coship Emta Ap Firmware Version <= 2019-12-12
   Coship Emta Ap Version -
Iodata Wn-ac1167r Firmware Version <= 2019-12-12
   Iodata Wn-ac1167r Version -
Totolink N301rt Firmware Version <= 2.1.6
   Totolink N301rt Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  2.79%  0.855
CVSS Metrics
Source        Base Score  Exploit Score  Impact Score  Vector String
nvd@nist.gov  7.5         3.9            3.6           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov  5           10             2.9           AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.