CVE-2019-19823

Exploit

EPSS 1.36%
Published 27.01.2020 18:15:12
Last modified 21.11.2024 04:35:28
Source cve@mitre.org
Teams watchlist Login
Open Login

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Totolink ≫ A3002ru Firmware Version <= 2.0.0

Totolink ≫ A3002ru Version-

Totolink ≫ A702r Firmware Version <= 2.1.3

Totolink ≫ A702r Version-

Totolink ≫ N302r Firmware Version <= 3.4.0

Totolink ≫ N302r Version-

Totolink ≫ N300rt Firmware Version <= 3.4.0

Totolink ≫ N300rt Version-

Totolink ≫ N200re Firmware Version <= 4.0.0

Totolink ≫ N200re Version-

Totolink ≫ N150rt Firmware Version <= 3.4.0

Totolink ≫ N150rt Version-

Totolink ≫ N100re Firmware Version <= 3.4.0

Totolink ≫ N100re Version-

Realtek ≫ Rtk 11n Ap Firmware Version <= 2019-12-12

Realtek ≫ Rtk 11n Ap Version-

Sapido ≫ Gr297n Firmware Version <= 2019-12-12

Sapido ≫ Gr297n Version-

Ciktel ≫ Mesh Router Firmware Version <= 2019-12-12

Ciktel ≫ Mesh Router Version-

Kctvjeju ≫ Wireless Ap Firmware Version <= 2019-12-12

Kctvjeju ≫ Wireless Ap Version-

Fg-products ≫ Fgn-r2 Firmware Version <= 2019-12-12

Fg-products ≫ Fgn-r2 Version-

Hiwifi ≫ Max-c300n Firmware Version <= 2019-12-12

Hiwifi ≫ Max-c300n Version-

Tbroad ≫ Gn-866ac Firmware Version <= 2019-12-12

Tbroad ≫ Gn-866ac Version-

Coship ≫ Emta Ap Firmwre Version <= 2019-12-12

Coship ≫ Emta Ap Version-

Iodata ≫ Wn-ac1167r Firmwre Version <= 2019-12-12

Iodata ≫ Wn-ac1167r Version-

Hcn Max-c300n Project ≫ Hcn Max-c300n Firmware Version <= 2019-12-12

Hcn Max-c300n Project ≫ Hcn Max-c300n Version-

Totolink ≫ N301rt Firmware Version <= 2.1.6

Totolink ≫ N301rt Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.36%	0.793

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

http://seclists.org/fulldisclosure/2020/Jan/36

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2020/Jan/38

Third Party Advisory

Exploit

Mailing List

https://sploit.tech