ID

VAR-201906-0212


CVE

CVE-2019-7311


TITLE

Cryptographic vulnerabilities in Linksys WRT1900ACS devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-005290

DESCRIPTION

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored as Base64-encoded cleartext in an "admin-auth" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access to the victim's computer soon after an administrative login could result in compromise. The Linksys WRT1900ACS device contains cryptographic vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). Linksys WRT1900ACS is a wireless router from Linksys. In Linksys WRT1900ACS version 1.0.3.187766, there is an encryption vulnerability in the storage method of the user login key. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storage of sensitive information in plain text.

Trust: 1.71

sources: NVD: CVE-2019-7311 // JVNDB: JVNDB-2019-005290 // VULHUB: VHN-158746

AFFECTED PRODUCTS

vendor: linksys, model: wrt1900acs, scope: eq, version: 1.0.3.187766

Trust: 1.0

vendor: cisco linksys, model: wrt1900acs, scope: eq, version: 1.0.3.187766

Trust: 0.8

sources: JVNDB: JVNDB-2019-005290 // NVD: CVE-2019-7311

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-7311
value: HIGH

Trust: 1.0

NVD: CVE-2019-7311
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-259
value: HIGH

Trust: 0.6

VULHUB: VHN-158746
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-7311
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158746
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-7311
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-158746 // JVNDB: JVNDB-2019-005290 // CNNVD: CNNVD-201906-259 // NVD: CVE-2019-7311

PROBLEMTYPE DATA

problemtype: CWE-311

Trust: 1.0

problemtype: CWE-310

Trust: 0.9

sources: VULHUB: VHN-158746 // JVNDB: JVNDB-2019-005290 // NVD: CVE-2019-7311

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-259

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-259

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005290

PATCH

title: Top Page, url: https://www.linksys.com/us/

Trust: 0.8

sources: JVNDB: JVNDB-2019-005290

EXTERNAL IDS

db: NVD, id: CVE-2019-7311

Trust: 2.5

db: JVNDB, id: JVNDB-2019-005290

Trust: 0.8

db: CNNVD, id: CNNVD-201906-259

Trust: 0.7

db: VULHUB, id: VHN-158746

Trust: 0.1

sources: VULHUB: VHN-158746 // JVNDB: JVNDB-2019-005290 // CNNVD: CNNVD-201906-259 // NVD: CVE-2019-7311

REFERENCES

url: http://www.x0rsecurity.com/2019/05/03/my-first-cve-linksys-wrt-1300-acs-cve-2019-7311/

Trust: 2.5

url: https://robot-security.blogspot.com

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-7311

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7311

Trust: 0.8

sources: VULHUB: VHN-158746 // JVNDB: JVNDB-2019-005290 // CNNVD: CNNVD-201906-259 // NVD: CVE-2019-7311

SOURCES

db: VULHUB, id: VHN-158746
db: JVNDB, id: JVNDB-2019-005290
db: CNNVD, id: CNNVD-201906-259
db: NVD, id: CVE-2019-7311

LAST UPDATE DATE

2024-11-23T22:06:11.055000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158746, date: 2019-06-09T00:00:00
db: JVNDB, id: JVNDB-2019-005290, date: 2019-06-18T00:00:00
db: CNNVD, id: CNNVD-201906-259, date: 2019-06-20T00:00:00
db: NVD, id: CVE-2019-7311, date: 2024-11-21T04:47:59.090

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158746, date: 2019-06-06T00:00:00
db: JVNDB, id: JVNDB-2019-005290, date: 2019-06-18T00:00:00
db: CNNVD, id: CNNVD-201906-259, date: 2019-06-06T00:00:00
db: NVD, id: CVE-2019-7311, date: 2019-06-06T16:29:01.823