Strix
26.1K

CVE-2019-6972

UnknownEPSS 1.11%

Last modified

CVE-2019-6972 is a vulnerability of currently unknown severity. An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. EPSS estimates a 1.11% chance of exploitation in the next 30 days.

Description

An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the username is cleartext, and the password is hashed with the MD5 algorithm (after decoding of the URL encoded string with base64).

Metrics

EPSS Probability
1.11%

61.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Tp-LinkTl-Wr1043nd Firmware2.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-6972?
An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the username is cleartext, and the password is hashed with the MD5 algorithm (after decoding of the URL encoded string with base64).
How severe is CVE-2019-6972?
Severity scoring for CVE-2019-6972 is pending analysis. The EPSS model estimates a 1.11% probability of exploitation in the next 30 days.
How do I fix CVE-2019-6972?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-6972?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST