CVE-2019-19822 — HIGH (7.5)

Q: How severe is CVE-2019-19822?

CVE-2019-19822 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-19822?

Check the references section above for vendor advisories and patch information. Affected products include: Totolink A3002Ru Firmware, Totolink A3002Ru, Totolink A702R Firmware, Totolink A702R, Totolink N302R Firmware.

Vulnerability Description

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Totolink	A3002Ru Firmware	<= 2.0.0
Totolink	A3002Ru	-
Totolink	A702R Firmware	<= 2.1.3
Totolink	A702R	-
Totolink	N302R Firmware	<= 3.4.0
Totolink	N302R	-
Totolink	N300Rt Firmware	<= 3.4.0
Totolink	N300Rt	-
Totolink	N200Re Firmware	<= 4.0.0
Totolink	N200Re	-
Totolink	N150Rt Firmware	<= 3.4.0
Totolink	N150Rt	-
Totolink	N100Re Firmware	<= 3.4.0
Totolink	N100Re	-
Realtek	Rtk 11N Ap Firmware	<= 2019-12-12
Realtek	Rtk 11N Ap	-
Sapido	Gr297N Firmware	<= 2019-12-12
Sapido	Gr297N	-
Ciktel	Mesh Router Firmware	<= 2019-12-12
Ciktel	Mesh Router	-

Related Weaknesses (CWE)

CWE-306

References

http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgzExploitThird Party Advisory
http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-CExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Jan/36Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2020/Jan/38ExploitMailing ListThird Party Advisory
https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rThird Party Advisory
https://sploit.techThird Party Advisory
http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgzExploitThird Party Advisory
http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-CExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Jan/36Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2020/Jan/38ExploitMailing ListThird Party Advisory
https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rThird Party Advisory
https://sploit.techThird Party Advisory

FAQ

What is CVE-2019-19822?

CVE-2019-19822 is a vulnerability with a CVSS score of 7.5 (HIGH). A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwor...

How severe is CVE-2019-19822?

CVE-2019-19822 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19822?

Check the references section above for vendor advisories and patch information. Affected products include: Totolink A3002Ru Firmware, Totolink A3002Ru, Totolink A702R Firmware, Totolink A702R, Totolink N302R Firmware.