Lucene search

[email protected]CVE-2019-16313

HistorySep 14, 2019 - 4:15 p.m.

CVE-2019-16313

2019-09-1416:15:10

CWE-798

[email protected]

web.nvd.nist.gov

ifw8

router

rom

v4.31

credential disclosure

action

usermanager.htm

html

source code

cve-2019-16313

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.024 Low

EPSS

Percentile

89.9%

JSON

ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.

Affected configurations

NVD

Node

ifw8fr6_firmwareMatch4.31

AND

ifw8fr6Match-

Node

ifw8fr8_firmwareMatch4.31

AND

ifw8fr8Match-

Node

ifw8fr5_firmwareMatch4.31

AND

ifw8fr5Match-

Node

ifw8fr5-e_firmwareMatch4.31

AND

ifw8fr5-eMatch-

Node

ifw8fr6-s_firmwareMatch4.31

AND

ifw8fr6-sMatch-

CPENameOperatorVersion
ifw8:fr6_firmwareifw8 fr6 firmwareeq4.31

CPE	Name	Operator	Version
ifw8:fr6_firmware	ifw8 fr6 firmware	eq	4.31

References

www.iwantacve.cn/index.php/archives/311/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.024 Low

EPSS

Percentile

89.9%

JSON

Related for CVE-2019-16313

cvelist1 prion1 nvd1 nuclei1