All the vulnerabilites related to Linksys - WRT1900ACS
cve-2025-6752
Vulnerability from cvelistv5
Published
2025-06-27 03:31
Modified
2025-06-27 14:20
Severity ?
EPSS score ?
Summary
Linksys WRT1900ACS/EA7200/EA7450/EA7500 IGD Layer3Forwarding SetDefaultConnectionService stack-based overflow
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.314050 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.314050 | signature, permissions-required | |
| https://vuldb.com/?submit.600638 | third-party-advisory | |
| https://github.com/feiwuxingxie/cve/blob/main/linksys/vul01/1.md | related | |
| https://github.com/feiwuxingxie/cve/blob/main/linksys/vul01/1.md#poc | exploit | |
| https://www.linksys.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6752",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T14:19:53.625787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T14:20:16.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"IGD"
],
"product": "WRT1900ACS",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250619"
}
]
},
{
"modules": [
"IGD"
],
"product": "EA7200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250619"
}
]
},
{
"modules": [
"IGD"
],
"product": "EA7450",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250619"
}
]
},
{
"modules": [
"IGD"
],
"product": "EA7500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250619"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "starash (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 and EA7500 up to 20250619 and classified as critical. This vulnerability affects the function SetDefaultConnectionService of the file /upnp/control/Layer3Forwarding of the component IGD. The manipulation of the argument NewDefaultConnectionService leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys WRT1900ACS, EA7200, EA7450 and EA7500 bis 20250619 wurde eine kritische Schwachstelle gefunden. Es geht um die Funktion SetDefaultConnectionService der Datei /upnp/control/Layer3Forwarding der Komponente IGD. Dank der Manipulation des Arguments NewDefaultConnectionService mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T03:31:06.429Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314050 | Linksys WRT1900ACS/EA7200/EA7450/EA7500 IGD Layer3Forwarding SetDefaultConnectionService stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.314050"
},
{
"name": "VDB-314050 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314050"
},
{
"name": "Submit #600638 | Linksys WRT1900ACS Ver. 2.0.3.201002 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.600638"
},
{
"tags": [
"related"
],
"url": "https://github.com/feiwuxingxie/cve/blob/main/linksys/vul01/1.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/feiwuxingxie/cve/blob/main/linksys/vul01/1.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-26T22:19:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys WRT1900ACS/EA7200/EA7450/EA7500 IGD Layer3Forwarding SetDefaultConnectionService stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6752",
"datePublished": "2025-06-27T03:31:06.429Z",
"dateReserved": "2025-06-26T20:13:50.409Z",
"dateUpdated": "2025-06-27T14:20:16.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-7311
Vulnerability from cvelistv5
Published
2019-06-06 15:41
Modified
2024-08-04 20:46
Severity ?
EPSS score ?
Summary
An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored in base64 cleartext in an "admin-auth" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access to the victim's computer soon after an administrative login could result in compromise.
References
| ▼ | URL | Tags |
|---|---|---|
| https://robot-security.blogspot.com | x_refsource_MISC | |
| http://www.x0rsecurity.com/2019/05/03/my-first-cve-linksys-wrt-1300-acs-cve-2019-7311/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:45.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://robot-security.blogspot.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.x0rsecurity.com/2019/05/03/my-first-cve-linksys-wrt-1300-acs-cve-2019-7311/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim\u0027s computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim\u0027s router. The admin password is stored in base64 cleartext in an \"admin-auth\" cookie. An attacker sniffing the network at the time of login could acquire the router\u0027s admin password. Alternatively, gaining physical access to the victim\u0027s computer soon after an administrative login could result in compromise."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T15:41:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://robot-security.blogspot.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.x0rsecurity.com/2019/05/03/my-first-cve-linksys-wrt-1300-acs-cve-2019-7311/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim\u0027s computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim\u0027s router. The admin password is stored in base64 cleartext in an \"admin-auth\" cookie. An attacker sniffing the network at the time of login could acquire the router\u0027s admin password. Alternatively, gaining physical access to the victim\u0027s computer soon after an administrative login could result in compromise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://robot-security.blogspot.com",
"refsource": "MISC",
"url": "https://robot-security.blogspot.com"
},
{
"name": "http://www.x0rsecurity.com/2019/05/03/my-first-cve-linksys-wrt-1300-acs-cve-2019-7311/",
"refsource": "MISC",
"url": "http://www.x0rsecurity.com/2019/05/03/my-first-cve-linksys-wrt-1300-acs-cve-2019-7311/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7311",
"datePublished": "2019-06-06T15:41:42",
"dateReserved": "2019-02-03T00:00:00",
"dateUpdated": "2024-08-04T20:46:45.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-7579
Vulnerability from cvelistv5
Published
2019-06-17 18:26
Modified
2024-08-04 20:54
Severity ?
EPSS score ?
Summary
An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router's guest network.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://robot-security.blogspot.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.x0rsecurity.com/2019/06/09/my-second-cve-linksys-wrt-acs-cve-2019-7579-or-as-i-call-it-acceptance-no-one-considers-security-by-design/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router\u0027s webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router\u0027s guest network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-17T18:26:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://robot-security.blogspot.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.x0rsecurity.com/2019/06/09/my-second-cve-linksys-wrt-acs-cve-2019-7579-or-as-i-call-it-acceptance-no-one-considers-security-by-design/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router\u0027s webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router\u0027s guest network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://robot-security.blogspot.com",
"refsource": "MISC",
"url": "https://robot-security.blogspot.com"
},
{
"name": "http://www.x0rsecurity.com/2019/06/09/my-second-cve-linksys-wrt-acs-cve-2019-7579-or-as-i-call-it-acceptance-no-one-considers-security-by-design/",
"refsource": "MISC",
"url": "http://www.x0rsecurity.com/2019/06/09/my-second-cve-linksys-wrt-acs-cve-2019-7579-or-as-i-call-it-acceptance-no-one-considers-security-by-design/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7579",
"datePublished": "2019-06-17T18:26:48",
"dateReserved": "2019-02-07T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201906-0418
Vulnerability from variot
An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router's guest network. Linksys WRT1900ACS The device contains vulnerabilities related to certificate and password management.Information may be obtained. Linksys WRT1900ACS is a wireless router from Linksys. A security vulnerability exists in Linksys WRT1900ACS version 1.0.3.187766
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0418",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt1900acs",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.0.3.187766"
},
{
"model": "wrt1900acs",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.0.3.187766"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005606"
},
{
"db": "NVD",
"id": "CVE-2019-7579"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:linksys:wrt1900acs_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005606"
}
]
},
"cve": "CVE-2019-7579",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-7579",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-159014",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-7579",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7579",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-7579",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-661",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-159014",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159014"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005606"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-661"
},
{
"db": "NVD",
"id": "CVE-2019-7579"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router\u0027s webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router\u0027s guest network. Linksys WRT1900ACS The device contains vulnerabilities related to certificate and password management.Information may be obtained. Linksys WRT1900ACS is a wireless router from Linksys. A security vulnerability exists in Linksys WRT1900ACS version 1.0.3.187766",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7579"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005606"
},
{
"db": "VULHUB",
"id": "VHN-159014"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7579",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005606",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-661",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-159014",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159014"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005606"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-661"
},
{
"db": "NVD",
"id": "CVE-2019-7579"
}
]
},
"id": "VAR-201906-0418",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-159014"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:56:50.251000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.linksys.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005606"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159014"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005606"
},
{
"db": "NVD",
"id": "CVE-2019-7579"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.x0rsecurity.com/2019/06/09/my-second-cve-linksys-wrt-acs-cve-2019-7579-or-as-i-call-it-acceptance-no-one-considers-security-by-design/"
},
{
"trust": 1.7,
"url": "https://robot-security.blogspot.com"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7579"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7579"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159014"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005606"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-661"
},
{
"db": "NVD",
"id": "CVE-2019-7579"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-159014"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005606"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-661"
},
{
"db": "NVD",
"id": "CVE-2019-7579"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-159014"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005606"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-661"
},
{
"date": "2019-06-17T19:15:11.783000",
"db": "NVD",
"id": "CVE-2019-7579"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-159014"
},
{
"date": "2019-06-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005606"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-661"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-7579"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-661"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT1900ACS Vulnerabilities related to certificate and password management in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005606"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-661"
}
],
"trust": 0.6
}
}
var-201906-0212
Vulnerability from variot
An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored in base64 cleartext in an "admin-auth" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access to the victim's computer soon after an administrative login could result in compromise. Linksys WRT1900ACS The device contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Linksys WRT1900ACS is a wireless router from Linksys. In Linksys WRT1900ACS version 1.0.3.187766, there is an encryption vulnerability in the storage method of user login key. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0212",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt1900acs",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.0.3.187766"
},
{
"model": "wrt1900acs",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.0.3.187766"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005290"
},
{
"db": "NVD",
"id": "CVE-2019-7311"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:linksys:wrt1900acs_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005290"
}
]
},
"cve": "CVE-2019-7311",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-7311",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-158746",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-7311",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7311",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-7311",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-259",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158746",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158746"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005290"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-259"
},
{
"db": "NVD",
"id": "CVE-2019-7311"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim\u0027s computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim\u0027s router. The admin password is stored in base64 cleartext in an \"admin-auth\" cookie. An attacker sniffing the network at the time of login could acquire the router\u0027s admin password. Alternatively, gaining physical access to the victim\u0027s computer soon after an administrative login could result in compromise. Linksys WRT1900ACS The device contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Linksys WRT1900ACS is a wireless router from Linksys. In Linksys WRT1900ACS version 1.0.3.187766, there is an encryption vulnerability in the storage method of user login key. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7311"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005290"
},
{
"db": "VULHUB",
"id": "VHN-158746"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7311",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005290",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-259",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158746",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158746"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005290"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-259"
},
{
"db": "NVD",
"id": "CVE-2019-7311"
}
]
},
"id": "VAR-201906-0212",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158746"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:33:57.601000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.linksys.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005290"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158746"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005290"
},
{
"db": "NVD",
"id": "CVE-2019-7311"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.x0rsecurity.com/2019/05/03/my-first-cve-linksys-wrt-1300-acs-cve-2019-7311/"
},
{
"trust": 1.7,
"url": "https://robot-security.blogspot.com"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7311"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7311"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158746"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005290"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-259"
},
{
"db": "NVD",
"id": "CVE-2019-7311"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158746"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005290"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-259"
},
{
"db": "NVD",
"id": "CVE-2019-7311"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-06T00:00:00",
"db": "VULHUB",
"id": "VHN-158746"
},
{
"date": "2019-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005290"
},
{
"date": "2019-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-259"
},
{
"date": "2019-06-06T16:29:01.823000",
"db": "NVD",
"id": "CVE-2019-7311"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-158746"
},
{
"date": "2019-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005290"
},
{
"date": "2019-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-259"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-7311"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-259"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT1900ACS Cryptographic vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005290"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-259"
}
],
"trust": 0.6
}
}