Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-19822

Severity
7.5 HIGH
EPSS
43.0%
top 2.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published Jan 27
Latest update May 24

Description

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 18 packages

🔴 Vulnerability Details

2
GHSA
GHSA-552g-mhvj-f64v: A certain router administration interface (that includes Realtek APMIB 0 | 2022-05-24
CVEList
CVE-2019-19822: A certain router administration interface (that includes Realtek APMIB 0 | 2020-01-27

💥 Exploits & PoCs

1
Nuclei
TOTOLINK/Realtek Routers - Information Disclosure