Lucene search

[email protected]NVD:CVE-2019-19822

HistoryJan 27, 2020 - 6:15 p.m.

CVE-2019-19822

2020-01-2718:15:12

CWE-306

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.016

Percentile

87.4%

JSON

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Affected configurations

Nvd

Node

totolinka3002ruMatch-

AND

totolinka3002ru_firmwareRange≤2.0.0

Node

totolinka702rMatch-

AND

totolinka702r_firmwareRange≤2.1.3

Node

totolinkn302rMatch-

AND

totolinkn302r_firmwareRange≤3.4.0

Node

totolinkn300rtMatch-

AND

totolinkn300rt_firmwareRange≤3.4.0

Node

totolinkn200reMatch-

AND

totolinkn200re_firmwareRange≤4.0.0

Node

totolinkn150rtMatch-

AND

totolinkn150rt_firmwareRange≤3.4.0

Node

totolinkn100reMatch-

AND

totolinkn100re_firmwareRange≤3.4.0

Node

realtekrtk_11n_apMatch-

AND

realtekrtk_11n_ap_firmwareRange≤2019-12-12

Node

sapidogr297n_firmwareRange≤2019-12-12

AND

sapidogr297nMatch-

Node

ciktelmesh_router_firmwareRange≤2019-12-12

AND

ciktelmesh_routerMatch-

Node

kctvjejuwireless_ap_firmwareRange≤2019-12-12

AND

kctvjejuwireless_apMatch-

Node

fg-productsfgn-r2_firmwareRange≤2019-12-12

AND

fg-productsfgn-r2Match-

Node

hiwifimax-c300n_firmwareRange≤2019-12-12

AND

hiwifimax-c300nMatch-

Node

tbroadgn-866ac_firmwareRange≤2019-12-12

AND

tbroadgn-866acMatch-

Node

coshipemta_ap_firmwreRange≤2019-12-12

AND

coshipemta_apMatch-

Node

iodatawn-ac1167r_firmwreRange≤2019-12-12

AND

iodatawn-ac1167rMatch-

Node

hcn_max-c300n_projecthcn_max-c300n_firmwareRange≤2019-12-12

AND

hcn_max-c300n_projecthcn_max-c300nMatch-

Node

totolinkn301rt_firmwareRange≤2.1.6

AND

totolinkn301rtMatch-

VendorProductVersionCPE
totolinka3002ru-cpe:2.3:h:totolink:a3002ru:-:*:*:*:*:*:*:*
totolinka3002ru_firmware*cpe:2.3:o:totolink:a3002ru_firmware:*:*:*:*:*:*:*:*
totolinka702r-cpe:2.3:h:totolink:a702r:-:*:*:*:*:*:*:*
totolinka702r_firmware*cpe:2.3:o:totolink:a702r_firmware:*:*:*:*:*:*:*:*
totolinkn302r-cpe:2.3:h:totolink:n302r:-:*:*:*:*:*:*:*
totolinkn302r_firmware*cpe:2.3:o:totolink:n302r_firmware:*:*:*:*:*:*:*:*
totolinkn300rt-cpe:2.3:h:totolink:n300rt:-:*:*:*:*:*:*:*
totolinkn300rt_firmware*cpe:2.3:o:totolink:n300rt_firmware:*:*:*:*:*:*:*:*
totolinkn200re-cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*
totolinkn200re_firmware*cpe:2.3:o:totolink:n200re_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
totolink	a3002ru	-	cpe:2.3:h:totolink:a3002ru:-:::::::*
totolink	a3002ru_firmware	*	cpe:2.3:o:totolink:a3002ru_firmware::::::::
totolink	a702r	-	cpe:2.3:h:totolink:a702r:-:::::::*
totolink	a702r_firmware	*	cpe:2.3:o:totolink:a702r_firmware::::::::
totolink	n302r	-	cpe:2.3:h:totolink:n302r:-:::::::*
totolink	n302r_firmware	*	cpe:2.3:o:totolink:n302r_firmware::::::::
totolink	n300rt	-	cpe:2.3:h:totolink:n300rt:-:::::::*
totolink	n300rt_firmware	*	cpe:2.3:o:totolink:n300rt_firmware::::::::
totolink	n200re	-	cpe:2.3:h:totolink:n200re:-:::::::*
totolink	n200re_firmware	*	cpe:2.3:o:totolink:n200re_firmware::::::::

Rows per page:

1-10 of 361

References

opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz

packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html

seclists.org/fulldisclosure/2020/Jan/36

seclists.org/fulldisclosure/2020/Jan/38

github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13

sploit.tech

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.016

Percentile

87.4%

JSON

Related for NVD:CVE-2019-19822

cvelist1 cve1 prion1 packetstorm1 zdt1