CVE-2019-19823

Published: Jan 27, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Affected (18)

Products: Totolink: A3002ru Firmware, A702r Firmware, N302r Firmware, N300rt Firmware, N200re Firmware, N150rt Firmware, N100re Firmware, N301rt Firmware · Realtek: Rtk 11n Ap Firmware · Sapido: Gr297n Firmware · +8 more

Show all products

8 products

1 product

1 product

1 product

1 product

1 product

1 product

1 product

1 product

1 product

Hcn Max C300n Project

1 product

Hcn Max C300n Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A3002ru Firmware	Up to 2.0.0

Running on/with	Platform Versions
Totolink A3002ru	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A702r Firmware	Up to 2.1.3

Running on/with	Platform Versions
Totolink A702r	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N302r Firmware	Up to 3.4.0

Running on/with	Platform Versions
Totolink N302r	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N300rt Firmware	Up to 3.4.0

Running on/with	Platform Versions
Totolink N300rt	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N200re Firmware	Up to 4.0.0

Running on/with	Platform Versions
Totolink N200re	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N150rt Firmware	Up to 3.4.0

Running on/with	Platform Versions
Totolink N150rt	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N100re Firmware	Up to 3.4.0

Running on/with	Platform Versions
Totolink N100re	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Realtek Rtk 11n Ap Firmware	Up to 2019-12-12

Running on/with	Platform Versions
Realtek Rtk 11n Ap	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sapido Gr297n Firmware	Up to 2019-12-12

Running on/with	Platform Versions
Sapido Gr297n	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ciktel Mesh Router Firmware	Up to 2019-12-12

Running on/with	Platform Versions
Ciktel Mesh Router	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kctvjeju Wireless Ap Firmware	Up to 2019-12-12

Running on/with	Platform Versions
Kctvjeju Wireless Ap	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fg Products Fgn R2 Firmware	Up to 2019-12-12

Running on/with	Platform Versions
Fg Products Fgn R2	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hiwifi Max C300n Firmware	Up to 2019-12-12

Running on/with	Platform Versions
Hiwifi Max C300n	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tbroad Gn 866ac Firmware	Up to 2019-12-12

Running on/with	Platform Versions
Tbroad Gn 866ac	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Coship Emta Ap Firmwre	Up to 2019-12-12

Running on/with	Platform Versions
Coship Emta Ap	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn Ac1167r Firmwre	Up to 2019-12-12

Running on/with	Platform Versions
Iodata Wn Ac1167r	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hcn Max C300n Project Hcn Max C300n Firmware	Up to 2019-12-12

Running on/with	Platform Versions
Hcn Max C300n Project Hcn Max C300n	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N301rt Firmware	Up to 2.1.6

Running on/with	Platform Versions
Totolink N301rt	All versions

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (12)

http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Jan/36

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2020/Jan/38

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13

Source: cve@mitre.org

Third Party Advisory

https://sploit.tech

Source: cve@mitre.org

Third Party Advisory

http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz