CVE-2019-19822

Name: CVE-2019-19822
Creator: NVD / NIST
Published: 2020-01-27T18:15:12.79+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 8.67%

Last modified Jun 17, 2026

CVE-2019-19822 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.. EPSS estimates a 8.67% chance of exploitation in the next 30 days.

Description

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

8.67%

94.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-306

Affected Software

Vendor	Product	Versions
Totolink	A3002ru Firmware	<= 2.0.0
Totolink	A702r Firmware	<= 2.1.3
Totolink	N302r Firmware	<= 3.4.0
Totolink	N300rt Firmware	<= 3.4.0
Totolink	N200re Firmware	<= 4.0.0
Totolink	N150rt Firmware	<= 3.4.0
Totolink	N100re Firmware	<= 3.4.0
Realtek	Rtk 11n Ap Firmware	<= 2019-12-12
Sapido	Gr297n Firmware	<= 2019-12-12
Ciktel	Mesh Router Firmware	<= 2019-12-12
Kctvjeju	Wireless Ap Firmware	<= 2019-12-12
Fg-Products	Fgn-R2 Firmware	<= 2019-12-12
Hiwifi	Max-C300n Firmware	<= 2019-12-12
Tbroad	Gn-866ac Firmware	<= 2019-12-12
Coship	Emta Ap Firmwre	<= 2019-12-12
Iodata	Wn-Ac1167r Firmwre	<= 2019-12-12
Hcn Max-C300n Project	Hcn Max-C300n Firmware	<= 2019-12-12
Totolink	N301rt Firmware	<= 2.1.6

References

http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgzExploit, Third Party Advisory
http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2020/Jan/36Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jan/38Exploit, Mailing List, Third Party Advisory
https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13Third Party Advisory
https://sploit.techThird Party Advisory
http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgzExploit, Third Party Advisory
http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2020/Jan/36Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jan/38Exploit, Mailing List, Third Party Advisory
https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13Third Party Advisory
https://sploit.techThird Party Advisory

Timeline

Published: Jan 27, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-19822?

How severe is CVE-2019-19822?

CVE-2019-19822 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 8.67% probability of exploitation in the next 30 days.

How do I fix CVE-2019-19822?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-19822?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST