CVE-2019-19823

Jan 27, 2020 - 6:15 p.m. (2020-01-27 18:15:12)
CWE-522
web.nvd.nist.gov
Tags: cve-2019-19823, router, administration interface, realtek, boa, cleartext passwords, flash memory, nvd

CVSS3: 7.5 High
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: NONE
- Availability Impact: NONE
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.9 High (Confidence: High)

CVSS2: 5 Medium
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: NONE
- Availability Impact: NONE
- Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.007 Low (Percentile: 81.0%)

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Affected configurations

NVD

Node: totolinka3002ru_firmware Range 2.0.0 AND totolinka3002ru Match -
Node: totolinka702r_firmware Range 2.1.3 AND totolinka702r Match -
Node: totolinkn302r_firmware Range 3.4.0 AND totolinkn302r Match -
Node: totolinkn300rt_firmware Range 3.4.0 AND totolinkn300rt Match -
Node: totolinkn200re_firmware Range 4.0.0 AND totolinkn200re Match -
Node: totolinkn150rt_firmware Range 3.4.0 AND totolinkn150rt Match -
Node: totolinkn100re_firmware Range 3.4.0 AND totolinkn100re Match -
Node: realtekrtk_11n_ap_firmware Range 2019-12-12 AND realtekrtk_11n_ap Match -
Node: sapidogr297n_firmware Range 2019-12-12 AND sapidogr297n Match -
Node: ciktelmesh_router_firmware Range 2019-12-12 AND ciktelmesh_router Match -
Node: kctvjejuwireless_ap_firmware Range 2019-12-12 AND kctvjejuwireless_ap Match -
Node: fg-productsfgn-r2_firmware Range 2019-12-12 AND fg-productsfgn-r2 Match -
Node: hiwifimax-c300n_firmware Range 2019-12-12 AND hiwifimax-c300n Match -
Node: tbroadgn-866ac_firmware Range 2019-12-12 AND tbroadgn-866ac Match -
Node: coshipemta_ap_firmwre Range 2019-12-12 AND coshipemta_ap Match -
Node: iodatawn-ac1167r_firmwre Range 2019-12-12 AND iodatawn-ac1167r Match -
Node: hcn_max-c300n_projecthcn_max-c300n_firmware Range 2019-12-12 AND hcn_max-c300n_projecthcn_max-c300n Match -
Node: totolinkn301rt_firmware Range 2.1.6 AND totolinkn301rt Match -