ghsa-9m67-qxr7-3jg8
Vulnerability from github
Published
2022-05-24 16:47
Modified
2022-05-24 16:47
Details

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored in base64 cleartext in an "admin-auth" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access to the victim's computer soon after an administrative login could result in compromise.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2019-7311"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-06T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim\u0027s computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim\u0027s router. The admin password is stored in base64 cleartext in an \"admin-auth\" cookie. An attacker sniffing the network at the time of login could acquire the router\u0027s admin password. Alternatively, gaining physical access to the victim\u0027s computer soon after an administrative login could result in compromise.",
  "id": "GHSA-9m67-qxr7-3jg8",
  "modified": "2022-05-24T16:47:32Z",
  "published": "2022-05-24T16:47:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7311"
    },
    {
      "type": "WEB",
      "url": "https://robot-security.blogspot.com"
    },
    {
      "type": "WEB",
      "url": "http://www.x0rsecurity.com/2019/05/03/my-first-cve-linksys-wrt-1300-acs-cve-2019-7311"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.