high
7.5
CWE
522
Advisory Published
Updated

CVE-2019-19823

First published: Mon Jan 27 2020(Updated: )

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Totolink A3002ru Firmware<=2.0.0
TOTOLINK A3002RU
Totolink A702r Firmware<=2.1.3
Totolink A702r
Totolink N302r Firmware<=3.4.0
Totolink N302r
Totolink N300rt Firmware<=3.4.0
TOTOLINK N300RT
Totolink N200re Firmware<=4.0.0
Totolink N200RE
Totolink N150rt Firmware<=3.4.0
Totolink N150rt
Totolink N100re Firmware<=3.4.0
Totolink N100re
Realtek Rtk 11n Ap Firmware<=2019-12-12
Realtek Rtk 11n Ap
Sapido Gr297n Firmware<=2019-12-12
Sapido GR297n
Ciktel Mesh Router Firmware<=2019-12-12
Ciktel Mesh Router
Kctvjeju Wireless Ap Firmware<=2019-12-12
KCTVJEJU Wireless AP
Fg-products Fgn-r2 Firmware<=2019-12-12
Fg-products Fgn-r2
Hiwifi Max-c300n Firmware<=2019-12-12
Hiwifi Max-c300n
Tbroad Gn-866ac Firmware<=2019-12-12
Tbroad Gn-866ac
Coship Emta Ap Firmwre<=2019-12-12
Coship EMTA AP
Iodata Wn-ac1167r Firmwre<=2019-12-12
Iodata Wn-ac1167r
Hcn Max-c300n Project Hcn Max-c300n Firmware<=2019-12-12
Hcn Max-c300n Project Hcn Max-c300n
Totolink N301rt Firmware<=2.1.6
Totolink N301rt

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2019-19823?

    CVE-2019-19823 is a vulnerability in certain router administration interfaces where cleartext administrative passwords are stored in flash memory and in a file.

  • Which devices are affected by CVE-2019-19823?

    TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0.

  • What is the severity of CVE-2019-19823?

    The severity of CVE-2019-19823 is high with a CVSS score of 7.5.

  • How can I fix the CVE-2019-19823 vulnerability?

    To fix the CVE-2019-19823 vulnerability, it is recommended to update the firmware of the affected devices to the latest version provided by the manufacturer.

  • Where can I find more information about CVE-2019-19823?

    You can find more information about CVE-2019-19823 on the following references: [link1](http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz), [link2](http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html), [link3](http://seclists.org/fulldisclosure/2020/Jan/36)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203