CVE-2019-7311

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored in base64 cleartext in an "admin-auth" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access to the victim's computer soon after an administrative login could result in compromise.

Fue encontrado un problema en los dispositivos Linksys WRT1900ACS versión 1.0.3.187766. La falta de cifrado en la forma en que la cookie de inicio de sesión del usuario (admin-auth) es almacenada en la computadora de la víctima hace que un atacante local pueda descubrir la contraseña del administrador y la pueda usar para obtener acceso administrativo al enrutador de la víctima. La contraseña de administrador es almacenada en texto sin cifrar base64 en una cookie "admin-auth". Un atacante que espía la red en el momento de iniciar sesión podría adquirir la contraseña de administrador del enrutador. Alternativamente, obtener acceso físico a la computadora de la víctima poco después de un inicio de sesión administrativo podría resultar en un peligro.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-02-03 CVE Reserved
2019-06-06 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-311: Missing Encryption of Sensitive Data

CAPEC

References (2)

URL	Tag	Source
http://www.x0rsecurity.com/2019/05/03/my-first-cve-linksys-wrt-1300-acs-cve-2019-7311	Third Party Advisory
https://robot-security.blogspot.com	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linksys Search vendor "Linksys"	Wrt1900acs Firmware Search vendor "Linksys" for product "Wrt1900acs Firmware"	1.0.3.187766 Search vendor "Linksys" for product "Wrt1900acs Firmware" and version "1.0.3.187766"	-	Affected	in	Linksys Search vendor "Linksys"	Wrt1900acs Search vendor "Linksys" for product "Wrt1900acs"	-	-	Safe