CVE-2019-19825

Published: Jan 27, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.

Affected (8)

Products: Totolink: A3002ru Firmware, A702r Firmware, N301rt Firmware, N302r Firmware, N300rt Firmware, N200re Firmware, N150rt Firmware, N100re Firmware

8 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A3002ru Firmware	Up to 2.0.0

Running on/with	Platform Versions
Totolink A3002ru	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A702r Firmware	Up to 2.1.3

Running on/with	Platform Versions
Totolink A702r	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N301rt Firmware	Up to 2.1.6

Running on/with	Platform Versions
Totolink N301rt	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N302r Firmware	Up to 3.4.0

Running on/with	Platform Versions
Totolink N302r	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N300rt Firmware	Up to 3.4.0

Running on/with	Platform Versions
Totolink N300rt	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N200re Firmware	Up to 4.0.0

Running on/with	Platform Versions
Totolink N200re	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N150rt Firmware	Up to 3.4.0

Running on/with	Platform Versions
Totolink N150rt	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N100re Firmware	Up to 3.4.0

Running on/with	Platform Versions
Totolink N100re	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (8)

http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Jan/36

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2020/Jan/38

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://sploit.tech

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Jan/36

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2020/Jan/38

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://sploit.tech

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.