CVE-2019-19823

high-risk

Published 2020-01-27

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Do I need to act?

35.2% chance of exploitation in next 30 days

EPSS score — higher than 65% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (18)

A3002Ru Firmware

A702R Firmware

N302R Firmware

N300Rt Firmware

N200Re Firmware

N150Rt Firmware

N100Re Firmware

Rtk 11N Ap Firmware

Gr297N Firmware

Mesh Router Firmware

Wireless Ap Firmware

Fgn-R2 Firmware

Max-C300N Firmware

Gn-866Ac Firmware

Emta Ap Firmwre

Wn-Ac1167R Firmwre

Hcn Max-C300N Firmware

N301Rt Firmware

Affected Vendors

Realtek Iodata Coship Totolink Sapido Ciktel Kctvjeju Fg-Products Hiwifi Tbroad Hcn Max-C300N Project

References (12)

Exploit http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz

Exploit http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-C...

Mailing List http://seclists.org/fulldisclosure/2020/Jan/36

Exploit http://seclists.org/fulldisclosure/2020/Jan/38

Third Party Advisory https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/r...

Third Party Advisory https://sploit.tech

Exploit http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz

Exploit http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-C...

Mailing List http://seclists.org/fulldisclosure/2020/Jan/36

Exploit http://seclists.org/fulldisclosure/2020/Jan/38

Third Party Advisory https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/r...

Third Party Advisory https://sploit.tech

/ 100

high-risk

Severity 26/34 · High

Exploitability 16/34 · Moderate

Exposure 19/34 · Moderate