high
7.5
CWE
306
Advisory Published
Updated

CVE-2019-19822

First published: Mon Jan 27 2020(Updated: )

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
TOTOLINK A3002RU<=2.0.0
TOTOLINK A3002R
Totolink A702R<=2.1.3
Totolink A702R-v2
Totolink N302r Plus<=3.4.0
Totolink N302R
Totolink N300RT Firmware<=3.4.0
Totolink N300RT Firmware
Totolink N200re Firmware<=4.0.0
Totolink N200re Firmware
Totolink N150rt<=3.4.0
Totolink N150rt Firmware
Totolink N100RE Firmware<=3.4.0
Totolink N100RE Firmware
Realtek Rtk 11n Ap<=2019-12-12
Realtek Rtk 11n Ap Firmware
Sapido GR297n Firmware<=2019-12-12
Sapido GR297n Firmware
Ciktel Mesh Router Firmware<=2019-12-12
Ciktel Mesh Router Firmware
Kctvjeju Wireless Ap Firmware<=2019-12-12
Kctvjeju Wireless Ap Firmware
Fg-products Fgn-r2<=2019-12-12
Fg-products Fgn-r2 Firmware
Hiwifi Max-c300n<=2019-12-12
Hiwifi Max-c300n Firmware
Tbroad Gn-866ac<=2019-12-12
Tbroad Gn-866ac Firmware
Coship EMTA AP<=2019-12-12
Coship EMTA AP
Iodata WN-AC1167R Firmware<=2019-12-12
Iodata WN-AC1167R
Hiwifi Max-c300n<=2019-12-12
Hiwifi Max-c300n
Totolink N301rt Firmware<=2.1.6
Totolink N301rt Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is CVE-2019-19822.

  • What is the severity level of CVE-2019-19822?

    The severity level of CVE-2019-19822 is high with a severity value of 7.5.

  • Which routers are affected by CVE-2019-19822?

    CVE-2019-19822 affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R, and other models.

  • How can remote attackers exploit this vulnerability?

    Remote attackers can exploit CVE-2019-19822 to retrieve the router configuration, including sensitive data such as usernames and passwords.

  • Are there any references available for CVE-2019-19822?

    Yes, you can refer to the following links for more information: [Link 1](http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz), [Link 2](http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html), [Link 3](http://seclists.org/fulldisclosure/2020/Jan/36).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203