First published: Thu Nov 21 2019(Updated: )
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linksys Velop Whw0303 Firmware | =1.1.8.192419 | |
Linksys Velop Whw0303 | ||
Linksys Velop Whw0302 Firmware | =1.1.8.192419 | |
Linksys Velop Whw0302 | ||
Linksys Velop Whw0301 Firmware | =1.1.8.192419 | |
Linksys Velop Whw0301 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-16340 is a vulnerability in Belkin Linksys Velop 1.1.8.192419 devices that allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.
CVE-2019-16340 has a severity rating of 9.8 (critical).
CVE-2019-16340 affects Linksys Velop Whw0303 Firmware version 1.1.8.192419.
To fix CVE-2019-16340, update your Belkin Linksys Velop device to the latest firmware version.
You can find more information about CVE-2019-16340 in the release notes provided by Linksys and the referenced URLs in the description.