CVE-2019-19822 PoC — Access Control Error Vulnerability in Multiple TotoLink Products

Associated Vulnerability
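Title: Access Control Error Vulnerability in Multiple TotoLink Products (CVE-2019-19822)
Description: TotoLink A3002RU is a wireless router product from Zioncom Electronics (TotoLink), a company based in Taiwan, China. A security vulnerability exists in the management interface of multiple TotoLink products. A remote attacker can exploit this vulnerability to retrieve configuration information, including sensitive data (usernames and passwords). The following products and versions are affected: TotoLink A3002RU 2.0.0 and earlier; A702R 2.1.3 and earlier; N301RT 2.1.6 and earlier; N302R 3.4.0 and earlier; N300RT 3.4.0 and earlier; N200RE 4.0.0 and earlier; N150RT 3.4.0 and earlier; N1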
Description
A certain router administration interface using Realtek APMIB (e.g., on TOTOLINK models) allows unauthenticated remote attackers to disclose the entire router configuration, including sensitive credentials, via accessing the "config.dat" file. Affected devices include TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and other Realtek SDK-based devices.
File Snapshot

id: CVE-2019-19822 info: name: TOTOLINK/Realtek Routers - Information Disclosure author: ritikc ...