Insufficient Cookie Encryption on Linksys Router Raises Security Concerns
CVE-2019-7311
7.8HIGH
What is CVE-2019-7311?
A security issue has been identified in Linksys WRT1900ACS devices where the admin password is stored in cleartext within the 'admin-auth' cookie without proper encryption. This flawed storage mechanism allows local attackers to recover the admin password either by intercepting the network traffic during login or through physical access to the victim's computer shortly after an administrative session. Without adequate protection for sensitive authentication data, the risk of unauthorized administrative access to the router significantly increases.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved