Vulnerability Description
An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored base64-encoded, which is effectively cleartext, in an "admin-auth" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access to the victim's computer soon after an administrative login could result in compromise.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linksys | Wrt1900Acs Firmware | 1.0.3.187766 |
| Linksys | Wrt1900Acs | - |
Related Weaknesses (CWE)
References
- http://www.x0rsecurity.com/2019/05/03/my-first-cve-linksys-wrt-1300-acs-cve-2019 (Third Party Advisory)
- https://robot-security.blogspot.com (Third Party Advisory)
FAQ
What is CVE-2019-7311?
CVE-2019-7311 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being ...
How severe is CVE-2019-7311?
CVE-2019-7311 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-7311?
Check the references section above for vendor advisories and patch information. Affected products include: Linksys Wrt1900Acs Firmware, Linksys Wrt1900Acs.