CVE-2019-19823
Summary
| CVE | CVE-2019-19823 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-27 18:15:00 UTC |
| Updated | 2020-02-06 16:04:00 UTC |
| Description | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. |
Risk And Classification
Problem Types: CWE-522
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ciktel | Mesh Router | - | All | All | All |
| Operating System | Ciktel | Mesh Router Firmware | All | All | All | All |
| Hardware | Coship | Emta Ap | - | All | All | All |
| Operating System | Coship | Emta Ap Firmwre | All | All | All | All |
| Hardware | Fg-products | Fgn-r2 | - | All | All | All |
| Operating System | Fg-products | Fgn-r2 Firmware | All | All | All | All |
| Hardware | Hcn Max-c300n Project | Hcn Max-c300n | - | All | All | All |
| Operating System | Hcn Max-c300n Project | Hcn Max-c300n Firmware | All | All | All | All |
| Hardware | Hiwifi | Max-c300n | - | All | All | All |
| Operating System | Hiwifi | Max-c300n Firmware | All | All | All | All |
| Hardware | Iodata | Wn-ac1167r | - | All | All | All |
| Operating System | Iodata | Wn-ac1167r Firmwre | All | All | All | All |
| Hardware | Kctvjeju | Wireless Ap | - | All | All | All |
| Operating System | Kctvjeju | Wireless Ap Firmware | All | All | All | All |
| Hardware | Realtek | Rtk 11n Ap | - | All | All | All |
| Operating System | Realtek | Rtk 11n Ap Firmware | All | All | All | All |
| Hardware | Sapido | Gr297n | - | All | All | All |
| Operating System | Sapido | Gr297n Firmware | All | All | All | All |
| Hardware | Tbroad | Gn-866ac | - | All | All | All |
| Operating System | Tbroad | Gn-866ac Firmware | All | All | All | All |
| Hardware | Totolink | A3002ru | - | All | All | All |
| Operating System | Totolink | A3002ru Firmware | All | All | All | All |
| Hardware | Totolink | A702r | - | All | All | All |
| Operating System | Totolink | A702r Firmware | All | All | All | All |
| Hardware | Totolink | N100re | - | All | All | All |
| Operating System | Totolink | N100re Firmware | All | All | All | All |
| Hardware | Totolink | N150rt | - | All | All | All |
| Operating System | Totolink | N150rt Firmware | All | All | All | All |
| Hardware | Totolink | N200re | - | All | All | All |
| Operating System | Totolink | N200re Firmware | All | All | All | All |
| Hardware | Totolink | N300rt | - | All | All | All |
| Operating System | Totolink | N300rt Firmware | All | All | All | All |
| Hardware | Totolink | N301rt | - | All | All | All |
| Operating System | Totolink | N301rt Firmware | All | All | All | All |
| Hardware | Totolink | N302r | - | All | All | All |
| Operating System | Totolink | N302r Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz | MISC | opensource.actiontec.com | Exploit, Third Party Advisory |
| sploit.tech | MISC | sploit.tech | Third Party Advisory |
| wecb/apmib.h at 755ce19a493c78270c04b5aaf39664f0cddbb420 · Saturn49/wecb · GitHub | MISC | github.com | Third Party Advisory |
| Realtek SDK Information Disclosure / Code Execution ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| Full Disclosure: Re: Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers | FULLDISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| Full Disclosure: Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.