CVE-2019-19143 - OpenCVE

TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Tp-link	Tl-wr849n Firmware Tl-wr849n

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:tl-wr849n_firmware:0.9.1_4.16:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr849n:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/156586/TP-Link-TL-WR849N-0.9.1-4.16-Authentication-Bypass.html	Exploit Third Party Advisory VDB Entry
https://fireshellsecurity.team/hack-n-routers/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-27T18:17:00

Updated: 2020-03-02T17:06:11

Reserved: 2019-11-21T00:00:00

Link: CVE-2019-19143

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-27T19:15:11.097

Modified: 2023-02-01T15:19:47.897

Link: CVE-2019-19143

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wr849n_firmware:0.9.1_4.16:*:*:*:*:*:*:*", "matchCriteriaId": "0EDA3435-5AEF-408A-B3FB-118B0F5F16FD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wr849n:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2BC7C22-5455-4394-BAD5-F03122DDC732", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI."}, {"lang": "es", "value": "Los dispositivos TP-LINK TL-WR849N versi\u00f3n 0.9.1 4.16, no requieren autenticaci\u00f3n para reemplazar el firmware por medio de una petici\u00f3n POST en el URI cgi/softup."}], "id": "CVE-2019-19143", "lastModified": "2023-02-01T15:19:47.897", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-27T19:15:11.097", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156586/TP-Link-TL-WR849N-0.9.1-4.16-Authentication-Bypass.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://fireshellsecurity.team/hack-n-routers/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}