high
7.5
CWE
306
Advisory Published
Updated

CVE-2019-19822

First published: Mon Jan 27 2020(Updated: )

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Totolink A3002ru Firmware<=2.0.0
TOTOLINK A3002RU
Totolink A702r Firmware<=2.1.3
Totolink A702r
Totolink N302r Firmware<=3.4.0
Totolink N302r
Totolink N300rt Firmware<=3.4.0
TOTOLINK N300RT
Totolink N200re Firmware<=4.0.0
Totolink N200RE
Totolink N150rt Firmware<=3.4.0
Totolink N150rt
Totolink N100re Firmware<=3.4.0
Totolink N100re
Realtek Rtk 11n Ap Firmware<=2019-12-12
Realtek Rtk 11n Ap
Sapido Gr297n Firmware<=2019-12-12
Sapido GR297n
Ciktel Mesh Router Firmware<=2019-12-12
Ciktel Mesh Router
Kctvjeju Wireless Ap Firmware<=2019-12-12
KCTVJEJU Wireless AP
Fg-products Fgn-r2 Firmware<=2019-12-12
Fg-products Fgn-r2
Hiwifi Max-c300n Firmware<=2019-12-12
Hiwifi Max-c300n
Tbroad Gn-866ac Firmware<=2019-12-12
Tbroad Gn-866ac
Coship Emta Ap Firmwre<=2019-12-12
Coship EMTA AP
Iodata Wn-ac1167r Firmwre<=2019-12-12
Iodata Wn-ac1167r
Hcn Max-c300n Project Hcn Max-c300n Firmware<=2019-12-12
Hcn Max-c300n Project Hcn Max-c300n
Totolink N301rt Firmware<=2.1.6
Totolink N301rt

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is CVE-2019-19822.

  • What is the severity level of CVE-2019-19822?

    The severity level of CVE-2019-19822 is high with a severity value of 7.5.

  • Which routers are affected by CVE-2019-19822?

    CVE-2019-19822 affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R, and other models.

  • How can remote attackers exploit this vulnerability?

    Remote attackers can exploit CVE-2019-19822 to retrieve the router configuration, including sensitive data such as usernames and passwords.

  • Are there any references available for CVE-2019-19822?

    Yes, you can refer to the following links for more information: [Link 1](http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz), [Link 2](http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html), [Link 3](http://seclists.org/fulldisclosure/2020/Jan/36).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203