CVE-2019-19823
First published: Mon Jan 27 2020(Updated: )
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TOTOLINK A3002RU | <=2.0.0 | |
| TOTOLINK A3002R | ||
| Totolink A702R | <=2.1.3 | |
| Totolink A702R-v2 | ||
| Totolink N302r Plus | <=3.4.0 | |
| Totolink N302R | ||
| Totolink N300RT Firmware | <=3.4.0 | |
| Totolink N300RT Firmware | ||
| Totolink N200re Firmware | <=4.0.0 | |
| Totolink N200re Firmware | ||
| Totolink N150rt | <=3.4.0 | |
| Totolink N150rt Firmware | ||
| Totolink N100RE Firmware | <=3.4.0 | |
| Totolink N100RE Firmware | ||
| Realtek Rtk 11n Ap | <=2019-12-12 | |
| Realtek Rtk 11n Ap Firmware | ||
| Sapido GR297n Firmware | <=2019-12-12 | |
| Sapido GR297n Firmware | ||
| Ciktel Mesh Router Firmware | <=2019-12-12 | |
| Ciktel Mesh Router Firmware | ||
| Kctvjeju Wireless Ap Firmware | <=2019-12-12 | |
| Kctvjeju Wireless Ap Firmware | ||
| Fg-products Fgn-r2 | <=2019-12-12 | |
| Fg-products Fgn-r2 Firmware | ||
| Hiwifi Max-c300n | <=2019-12-12 | |
| Hiwifi Max-c300n Firmware | ||
| Tbroad Gn-866ac | <=2019-12-12 | |
| Tbroad Gn-866ac Firmware | ||
| Coship EMTA AP | <=2019-12-12 | |
| Coship EMTA AP | ||
| Iodata WN-AC1167R Firmware | <=2019-12-12 | |
| Iodata WN-AC1167R | ||
| Hiwifi Max-c300n | <=2019-12-12 | |
| Hiwifi Max-c300n | ||
| Totolink N301rt Firmware | <=2.1.6 | |
| Totolink N301rt Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz
- http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Jan/36
- http://seclists.org/fulldisclosure/2020/Jan/38
- https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13
- https://sploit.tech
Frequently Asked Questions
What is CVE-2019-19823?
CVE-2019-19823 is a vulnerability in certain router administration interfaces where cleartext administrative passwords are stored in flash memory and in a file.
Which devices are affected by CVE-2019-19823?
TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0.
What is the severity of CVE-2019-19823?
The severity of CVE-2019-19823 is high with a CVSS score of 7.5.
How can I fix the CVE-2019-19823 vulnerability?
To fix the CVE-2019-19823 vulnerability, it is recommended to update the firmware of the affected devices to the latest version provided by the manufacturer.
Where can I find more information about CVE-2019-19823?
You can find more information about CVE-2019-19823 on the following references: [link1](http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz), [link2](http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html), [link3](http://seclists.org/fulldisclosure/2020/Jan/36)
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- vendor/totolink
- canonical/totolink a3002ru
- version/totolink a3002ru/2.0.0
- canonical/totolink a3002r
- canonical/totolink a702r
- version/totolink a702r/2.1.3
- canonical/totolink a702r-v2
- canonical/totolink n302r plus
- version/totolink n302r plus/3.4.0
- canonical/totolink n302r
- canonical/totolink n300rt firmware
- version/totolink n300rt firmware/3.4.0
- canonical/totolink n200re firmware
- version/totolink n200re firmware/4.0.0
- canonical/totolink n150rt
- version/totolink n150rt/3.4.0
- canonical/totolink n150rt firmware
- canonical/totolink n100re firmware
- version/totolink n100re firmware/3.4.0
- vendor/realtek
- canonical/realtek rtk 11n ap
- version/realtek rtk 11n ap/2019-12-12
- canonical/realtek rtk 11n ap firmware
- vendor/sapido
- canonical/sapido gr297n firmware
- version/sapido gr297n firmware/2019-12-12
- vendor/ciktel
- canonical/ciktel mesh router firmware
- version/ciktel mesh router firmware/2019-12-12
- vendor/kctvjeju
- canonical/kctvjeju wireless ap firmware
- version/kctvjeju wireless ap firmware/2019-12-12
- vendor/fg-products
- canonical/fg-products fgn-r2
- version/fg-products fgn-r2/2019-12-12
- canonical/fg-products fgn-r2 firmware
- vendor/hiwifi
- canonical/hiwifi max-c300n
- version/hiwifi max-c300n/2019-12-12
- canonical/hiwifi max-c300n firmware
- vendor/tbroad
- canonical/tbroad gn-866ac
- version/tbroad gn-866ac/2019-12-12
- canonical/tbroad gn-866ac firmware
- vendor/coship
- canonical/coship emta ap
- version/coship emta ap/2019-12-12
- vendor/iodata
- canonical/iodata wn-ac1167r firmware
- version/iodata wn-ac1167r firmware/2019-12-12
- canonical/iodata wn-ac1167r
- vendor/hcn max-c300n project
- canonical/totolink n301rt firmware
- version/totolink n301rt firmware/2.1.6