{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-01T08:06:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13"}, {"tags": ["x_refsource_MISC"], "url": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz"}, {"tags": ["x_refsource_MISC"], "url": "https://sploit.tech"}, {"name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Jan/36"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html"}, {"name": "20200131 Re: Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Jan/38"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19823", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13", "refsource": "MISC", "url": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13"}, {"name": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz", "refsource": "MISC", "url": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz"}, {"name": "https://sploit.tech", "refsource": "MISC", "url": "https://sploit.tech"}, {"name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Jan/36"}, {"name": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html"}, {"name": "20200131 Re: Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Jan/38"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19823", "datePublished": "2020-01-27T17:49:21", "dateReserved": "2019-12-16T00:00:00", "dateUpdated": "2020-02-01T08:06:24", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:a3002ru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "87EC51C9-338B-4E98-8455-069319320802", "versionEndIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:a3002ru:-:*:*:*:*:*:*:*", "matchCriteriaId": "21945D3C-27AA-4614-8D5D-C22DE8C56F94", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:a702r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "28C67D43-7914-4AF3-9DF8-E1BF41F1AC89", "versionEndIncluding": "2.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:a702r:-:*:*:*:*:*:*:*", "matchCriteriaId": "49D3C58B-4632-464E-A0A6-33807E9A1842", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:n302r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "71A22EA9-F5A5-4789-96F4-3C8600BC4848", "versionEndIncluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:n302r:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0E1D2C0-02F5-4933-9DEB-89F711052D69", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:n300rt_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E826FD1-C8F6-4301-972F-1B3949F59275", "versionEndIncluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:n300rt:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0581174-E6B1-4E3D-8384-7852EC53FC14", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:n200re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "47025B3A-648B-4F89-AEA0-C76B348CBAFB", "versionEndIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF7FF59-DB13-4FEA-A81C-124048BF1676", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:n150rt_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E096F9E2-08E5-4B44-A83A-FB659D898DB5", "versionEndIncluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:n150rt:-:*:*:*:*:*:*:*", "matchCriteriaId": "7525BE05-F394-4ED7-B7A6-F9005EDE90D7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:n100re_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "635C33EA-BEF1-4C7E-8E3A-5ED5DF79358D", "versionEndIncluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:n100re:-:*:*:*:*:*:*:*", "matchCriteriaId": "30CA1251-C9EA-498E-9AD4-627CA9B1A007", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:realtek:rtk_11n_ap_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D7DC458-0BD5-4ACC-BBB9-C197CC3750F6", "versionEndIncluding": "2019-12-12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:realtek:rtk_11n_ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "A57D05B2-3F26-4347-B492-10577555C7C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sapido:gr297n_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "100BADFD-7AE5-4FA5-AA7E-2A2DD4E389EA", "versionEndIncluding": "2019-12-12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sapido:gr297n:-:*:*:*:*:*:*:*", "matchCriteriaId": "6841D138-6697-45AF-B2B3-B948E9D1C1BE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ciktel:mesh_router_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0104B4-F58F-457E-8BC3-59D8AB09CCFE", "versionEndIncluding": "2019-12-12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ciktel:mesh_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D131C72-0CCA-43EF-828C-6F3493E28EA6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kctvjeju:wireless_ap_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7D6C7A5-B474-4B90-8660-6FD80753F6C6", "versionEndIncluding": "2019-12-12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kctvjeju:wireless_ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A5FE493-E8CA-4A49-924F-CA8B36FE4CE7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fg-products:fgn-r2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "26E3C521-1CA5-48B2-A31E-EFE324E65FA3", "versionEndIncluding": "2019-12-12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fg-products:fgn-r2:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DB05457-2298-4EF7-92AF-20734388F820", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hiwifi:max-c300n_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A625D9CC-C5BF-45DD-BB1F-9B99942A8226", "versionEndIncluding": "2019-12-12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hiwifi:max-c300n:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFF019D0-BE73-4934-8ED5-AF721970B957", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tbroad:gn-866ac_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "94DE2DB8-5C07-43C1-8A3B-2473C036DDAD", "versionEndIncluding": "2019-12-12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tbroad:gn-866ac:-:*:*:*:*:*:*:*", "matchCriteriaId": "4293319C-3203-4895-A13A-88B038CAC8AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:coship:emta_ap_firmwre:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FCB904D-E749-47F6-BBA6-2364AB71F641", "versionEndIncluding": "2019-12-12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:coship:emta_ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE7F255A-8862-421E-BCD0-B969E91CB7B1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iodata:wn-ac1167r_firmwre:*:*:*:*:*:*:*:*", "matchCriteriaId": "D94D7F0E-BC34-4156-84E4-26915C15F339", "versionEndIncluding": "2019-12-12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iodata:wn-ac1167r:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2817701-D241-4CB0-A64D-63E6F62C16E7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hcn_max-c300n_project:hcn_max-c300n_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F567584-3737-46DB-B47D-DAF9EC8D0F52", "versionEndIncluding": "2019-12-12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hcn_max-c300n_project:hcn_max-c300n:-:*:*:*:*:*:*:*", "matchCriteriaId": "13A8BAB7-1C95-4F79-B22C-73A5D8FF7079", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:n301rt_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "87A0ECEA-3FA7-4ADF-ACFA-6C4B93373DA3", "versionEndIncluding": "2.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:n301rt:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE1ED560-8B9F-40D2-AD91-6D5D4290ED79", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12."}, {"lang": "es", "value": "Una determinada interfaz de administraci\u00f3n de enrutador (que incluye Realtek APMIB versi\u00f3n 0.11f para Boa versi\u00f3n 0.94.14rc21), almacena contrase\u00f1as administrativas de texto sin cifrar en la memoria flash y en un archivo. Esto afecta a TOTOLINK A3002RU versiones hasta 2.0.0, A702R versiones hasta 2.1.3, N301RT versiones hasta 2.1.6, N302R versiones hasta 3.4.0, N300RT versiones hasta 3.4.0, N200RE versiones hasta 4.0.0, N150RT versiones hasta 3.4.0 y N100RE versiones hasta 3.4. 0; Rutek RTK 11N AP hasta el 12-12-2019; Sapido GR297n hasta el 12-12-2019; ROUTER CIK TELECOM MESH hasta 12-12-2019; KCTVJEJU Wireless AP hasta el 12-12-2019; Fibergate FGN-R2 hasta el 12-12-2019; Hi-Wifi MAX-C300N hasta el 12-12-2019; HCN MAX-C300N hasta el 12-12-2019; GN-866ac T-wide hasta el 12-12-2019; Coship EMTA AP hasta el 12-12-2019; y IO-Data WN-AC1167R hasta el 12-12-2019."}], "id": "CVE-2019-19823", "lastModified": "2020-02-06T16:04:39.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-27T18:15:12.883", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Jan/36"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Jan/38"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sploit.tech"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}