Strix
26.1K

CVE-2019-15653

HIGHCVSS 7.5/10EPSS 0.83%

Last modified

CVE-2019-15653 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. EPSS estimates a 0.83% chance of exploitation in the next 30 days.

Description

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real value, i.e., md5(md5(value)).

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.83%

52.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CombaAp2600-I - A02 - 0202n00pd2 FirmwareAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-15653?
Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real value, i.e., md5(md5(value)).
How severe is CVE-2019-15653?
CVE-2019-15653 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.83% probability of exploitation in the next 30 days.
How do I fix CVE-2019-15653?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-15653?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST