CVE-2019-19823

Name: CVE-2019-19823
Creator: NVD / NIST
Published: 2020-01-27T18:15:12.883+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 6.41%

Last modified Jun 17, 2026

CVE-2019-19823 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.. EPSS estimates a 6.41% chance of exploitation in the next 30 days.

Description

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

6.41%

92.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-522

Affected Software

Vendor	Product	Versions
Totolink	A3002ru Firmware	<= 2.0.0
Totolink	A702r Firmware	<= 2.1.3
Totolink	N302r Firmware	<= 3.4.0
Totolink	N300rt Firmware	<= 3.4.0
Totolink	N200re Firmware	<= 4.0.0
Totolink	N150rt Firmware	<= 3.4.0
Totolink	N100re Firmware	<= 3.4.0
Realtek	Rtk 11n Ap Firmware	<= 2019-12-12
Sapido	Gr297n Firmware	<= 2019-12-12
Ciktel	Mesh Router Firmware	<= 2019-12-12
Kctvjeju	Wireless Ap Firmware	<= 2019-12-12
Fg-Products	Fgn-R2 Firmware	<= 2019-12-12
Hiwifi	Max-C300n Firmware	<= 2019-12-12
Tbroad	Gn-866ac Firmware	<= 2019-12-12
Coship	Emta Ap Firmwre	<= 2019-12-12
Iodata	Wn-Ac1167r Firmwre	<= 2019-12-12
Hcn Max-C300n Project	Hcn Max-C300n Firmware	<= 2019-12-12
Totolink	N301rt Firmware	<= 2.1.6

References

http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgzExploit, Third Party Advisory
http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2020/Jan/36Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jan/38Exploit, Mailing List, Third Party Advisory
https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13Third Party Advisory
https://sploit.techThird Party Advisory
http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgzExploit, Third Party Advisory
http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2020/Jan/36Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jan/38Exploit, Mailing List, Third Party Advisory
https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13Third Party Advisory
https://sploit.techThird Party Advisory

Timeline

Published: Jan 27, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-19823?

How severe is CVE-2019-19823?

CVE-2019-19823 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 6.41% probability of exploitation in the next 30 days.

How do I fix CVE-2019-19823?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-19823?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST