CVE-2019-19825 — CRITICAL (9.8)

Q: How severe is CVE-2019-19825?

CVE-2019-19825 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-19825?

Check the references section above for vendor advisories and patch information. Affected products include: Totolink A3002Ru Firmware, Totolink A3002Ru, Totolink A702R Firmware, Totolink A702R, Totolink N301Rt Firmware.

Vulnerability Description

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Totolink	A3002Ru Firmware	<= 2.0.0
Totolink	A3002Ru	-
Totolink	A702R Firmware	<= 2.1.3
Totolink	A702R	-
Totolink	N301Rt Firmware	<= 2.1.6
Totolink	N301Rt	-
Totolink	N302R Firmware	<= 3.4.0
Totolink	N302R	-
Totolink	N300Rt Firmware	<= 3.4.0
Totolink	N300Rt	-
Totolink	N200Re Firmware	<= 4.0.0
Totolink	N200Re	-
Totolink	N150Rt Firmware	<= 3.4.0
Totolink	N150Rt	-
Totolink	N100Re Firmware	<= 3.4.0
Totolink	N100Re	-

Related Weaknesses (CWE)

CWE-287

References

http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-CThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Jan/36Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2020/Jan/38Mailing ListThird Party Advisory
https://sploit.techExploitThird Party Advisory
http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-CThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Jan/36Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2020/Jan/38Mailing ListThird Party Advisory
https://sploit.techExploitThird Party Advisory

FAQ

What is CVE-2019-19825?

CVE-2019-19825 is a vulnerability with a CVSS score of 9.8 (CRITICAL). On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTC...

How severe is CVE-2019-19825?

CVE-2019-19825 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-19825?

Check the references section above for vendor advisories and patch information. Affected products include: Totolink A3002Ru Firmware, Totolink A3002Ru, Totolink A702R Firmware, Totolink A702R, Totolink N301Rt Firmware.