CVE-2019-19823 — HIGH (7.5)

Q: How severe is CVE-2019-19823?

CVE-2019-19823 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-19823?

Check the references section above for vendor advisories and patch information. Affected products include: Totolink A3002Ru Firmware, Totolink A3002Ru, Totolink A702R Firmware, Totolink A702R, Totolink N302R Firmware.

Vulnerability Description

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Totolink	A3002Ru Firmware	<= 2.0.0
Totolink	A3002Ru	-
Totolink	A702R Firmware	<= 2.1.3
Totolink	A702R	-
Totolink	N302R Firmware	<= 3.4.0
Totolink	N302R	-
Totolink	N300Rt Firmware	<= 3.4.0
Totolink	N300Rt	-
Totolink	N200Re Firmware	<= 4.0.0
Totolink	N200Re	-
Totolink	N150Rt Firmware	<= 3.4.0
Totolink	N150Rt	-
Totolink	N100Re Firmware	<= 3.4.0
Totolink	N100Re	-
Realtek	Rtk 11N Ap Firmware	<= 2019-12-12
Realtek	Rtk 11N Ap	-
Sapido	Gr297N Firmware	<= 2019-12-12
Sapido	Gr297N	-
Ciktel	Mesh Router Firmware	<= 2019-12-12
Ciktel	Mesh Router	-

Related Weaknesses (CWE)

CWE-522

References

http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgzExploitThird Party Advisory
http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-CExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Jan/36Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2020/Jan/38ExploitMailing ListThird Party Advisory
https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rThird Party Advisory
https://sploit.techThird Party Advisory
http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgzExploitThird Party Advisory
http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-CExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Jan/36Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2020/Jan/38ExploitMailing ListThird Party Advisory
https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rThird Party Advisory
https://sploit.techThird Party Advisory

FAQ

What is CVE-2019-19823?

CVE-2019-19823 is a vulnerability with a CVSS score of 7.5 (HIGH). A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU...

How severe is CVE-2019-19823?

CVE-2019-19823 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19823?

Check the references section above for vendor advisories and patch information. Affected products include: Totolink A3002Ru Firmware, Totolink A3002Ru, Totolink A702R Firmware, Totolink A702R, Totolink N302R Firmware.