Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-19823

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Published

2020-01-27T18:15:12.883

Last Modified

2024-11-21T04:35:28.053

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	totolink	a3002ru_firmware	≤ 2.0.0	Yes
Hardware	totolink	a3002ru	-	No
Operating System	totolink	a702r_firmware	≤ 2.1.3	Yes
Hardware	totolink	a702r	-	No
Operating System	totolink	n302r_firmware	≤ 3.4.0	Yes
Hardware	totolink	n302r	-	No
Operating System	totolink	n300rt_firmware	≤ 3.4.0	Yes
Hardware	totolink	n300rt	-	No
Operating System	totolink	n200re_firmware	≤ 4.0.0	Yes
Hardware	totolink	n200re	-	No
Operating System	totolink	n150rt_firmware	≤ 3.4.0	Yes
Hardware	totolink	n150rt	-	No
Operating System	totolink	n100re_firmware	≤ 3.4.0	Yes
Hardware	totolink	n100re	-	No
Operating System	realtek	rtk_11n_ap_firmware	≤ 2019-12-12	Yes
Hardware	realtek	rtk_11n_ap	-	No
Operating System	sapido	gr297n_firmware	≤ 2019-12-12	Yes
Hardware	sapido	gr297n	-	No
Operating System	ciktel	mesh_router_firmware	≤ 2019-12-12	Yes
Hardware	ciktel	mesh_router	-	No
Operating System	kctvjeju	wireless_ap_firmware	≤ 2019-12-12	Yes
Hardware	kctvjeju	wireless_ap	-	No
Operating System	fg-products	fgn-r2_firmware	≤ 2019-12-12	Yes
Hardware	fg-products	fgn-r2	-	No
Operating System	hiwifi	max-c300n_firmware	≤ 2019-12-12	Yes
Hardware	hiwifi	max-c300n	-	No
Operating System	tbroad	gn-866ac_firmware	≤ 2019-12-12	Yes
Hardware	tbroad	gn-866ac	-	No
Operating System	coship	emta_ap_firmwre	≤ 2019-12-12	Yes
Hardware	coship	emta_ap	-	No
Operating System	iodata	wn-ac1167r_firmwre	≤ 2019-12-12	Yes
Hardware	iodata	wn-ac1167r	-	No
Operating System	hcn_max-c300n_project	hcn_max-c300n_firmware	≤ 2019-12-12	Yes
Hardware	hcn_max-c300n_project	hcn_max-c300n	-	No
Operating System	totolink	n301rt_firmware	≤ 2.1.6	Yes
Hardware	totolink	n301rt	-	No

References

http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz Exploit, Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html Exploit, Third Party Advisory, VDB Entry ([email protected])
http://seclists.org/fulldisclosure/2020/Jan/36 Mailing List, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2020/Jan/38 Exploit, Mailing List, Third Party Advisory ([email protected])
https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13 Third Party Advisory ([email protected])
https://sploit.tech Third Party Advisory ([email protected])
http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2020/Jan/36 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2020/Jan/38 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://sploit.tech Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)