CVE-2019-19823
27.01.2020, 18:15
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.Enginsight
| Vendor | Product | Version |
|---|---|---|
| totolink | a3002ru_firmware | 𝑥 ≤ 2.0.0 |
| totolink | a702r_firmware | 𝑥 ≤ 2.1.3 |
| totolink | n302r_firmware | 𝑥 ≤ 3.4.0 |
| totolink | n300rt_firmware | 𝑥 ≤ 3.4.0 |
| totolink | n200re_firmware | 𝑥 ≤ 4.0.0 |
| totolink | n150rt_firmware | 𝑥 ≤ 3.4.0 |
| totolink | n100re_firmware | 𝑥 ≤ 3.4.0 |
| realtek | rtk_11n_ap_firmware | 𝑥 ≤ 2019-12-12 |
| sapido | gr297n_firmware | 𝑥 ≤ 2019-12-12 |
| ciktel | mesh_router_firmware | 𝑥 ≤ 2019-12-12 |
| kctvjeju | wireless_ap_firmware | 𝑥 ≤ 2019-12-12 |
| fg-products | fgn-r2_firmware | 𝑥 ≤ 2019-12-12 |
| hiwifi | max-c300n_firmware | 𝑥 ≤ 2019-12-12 |
| tbroad | gn-866ac_firmware | 𝑥 ≤ 2019-12-12 |
| coship | emta_ap_firmwre | 𝑥 ≤ 2019-12-12 |
| iodata | wn-ac1167r_firmwre | 𝑥 ≤ 2019-12-12 |
| hcn_max-c300n_project | hcn_max-c300n_firmware | 𝑥 ≤ 2019-12-12 |
| totolink | n301rt_firmware | 𝑥 ≤ 2.1.6 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References