Sign-up

ID

VAR-201906-0418


CVE

CVE-2019-7579


TITLE

Linksys WRT1900ACS Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-005606

DESCRIPTION

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router's guest network. Linksys WRT1900ACS The device contains vulnerabilities related to certificate and password management.Information may be obtained. Linksys WRT1900ACS is a wireless router from Linksys. A security vulnerability exists in Linksys WRT1900ACS version 1.0.3.187766

Trust: 1.71

sources: NVD: CVE-2019-7579 // JVNDB: JVNDB-2019-005606 // VULHUB: VHN-159014

AFFECTED PRODUCTS

vendor:linksysmodel:wrt1900acsscope:eqversion:1.0.3.187766

Trust: 1.0

vendor:cisco linksysmodel:wrt1900acsscope:eqversion:1.0.3.187766

Trust: 0.8

sources: JVNDB: JVNDB-2019-005606 // NVD: CVE-2019-7579

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7579
value: HIGH

Trust: 1.0

NVD: CVE-2019-7579
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-661
value: HIGH

Trust: 0.6

VULHUB: VHN-159014
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-7579
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-159014
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7579
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-159014 // JVNDB: JVNDB-2019-005606 // CNNVD: CNNVD-201906-661 // NVD: CVE-2019-7579

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-159014 // JVNDB: JVNDB-2019-005606 // NVD: CVE-2019-7579

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-661

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201906-661

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005606

PATCH
title:Top Pageurl:https://www.linksys.com/us/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-005606

EXTERNAL IDS
db:NVDid:CVE-2019-7579
Trust: 2.5
db:JVNDBid:JVNDB-2019-005606
Trust: 0.8
db:CNNVDid:CNNVD-201906-661
Trust: 0.7
db:VULHUBid:VHN-159014
Trust: 0.1
sources:
            
            
            VULHUB: VHN-159014 // 
            
            
            
            JVNDB: JVNDB-2019-005606 // 
            
            
            
            CNNVD: CNNVD-201906-661 // 
            
            
            
            NVD: CVE-2019-7579

REFERENCES
url:http://www.x0rsecurity.com/2019/06/09/my-second-cve-linksys-wrt-acs-cve-2019-7579-or-as-i-call-it-acceptance-no-one-considers-security-by-design/
Trust: 2.5
url:https://robot-security.blogspot.com
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-7579
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7579
Trust: 0.8
sources:
            
            
            VULHUB: VHN-159014 // 
            
            
            
            JVNDB: JVNDB-2019-005606 // 
            
            
            
            CNNVD: CNNVD-201906-661 // 
            
            
            
            NVD: CVE-2019-7579

SOURCES
db:VULHUBid:VHN-159014
db:JVNDBid:JVNDB-2019-005606
db:CNNVDid:CNNVD-201906-661
db:NVDid:CVE-2019-7579

LAST UPDATE DATE
2024-11-23T23:08:23.939000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-159014date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-005606date:2019-06-24T00:00:00
db:CNNVDid:CNNVD-201906-661date:2020-08-25T00:00:00
db:NVDid:CVE-2019-7579date:2024-11-21T04:48:22.050

SOURCES RELEASE DATE
db:VULHUBid:VHN-159014date:2019-06-17T00:00:00
db:JVNDBid:JVNDB-2019-005606date:2019-06-24T00:00:00
db:CNNVDid:CNNVD-201906-661date:2019-06-17T00:00:00
db:NVDid:CVE-2019-7579date:2019-06-17T19:15:11.783