Unpatched Web Vulnerability in Linksys WRT1900ACS Router Exposes Guest Network Passwords
CVE-2019-7579

7.5HIGH

Key Information:

Vendor: Linksys
Status: Wrt1900acs Firmware
Vendor: CVE Published:; 17 June 2019

What is CVE-2019-7579?

A vulnerability in Linksys WRT1900ACS routers allows an unauthenticated user to gain access to a sensitive JavaScript file on the device's webserver. This file contains crucial information that can lead to the exposure of potential passwords used to configure the default guest network. Given a list of 30 commonly used words and a random two-digit number, an attacker could exploit this weakness to conduct a brute force attack, gaining unauthorized access to the guest network and compromising security. It is essential for users of these devices to be aware of this issue and take appropriate security measures.

References

https://robot-security.blogspot.com

x_refsource_MISC

http://www.x0rsecurity.com/2019/06/09/my-second-cve-links...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2019
Vulnerability Reserved
Feb 7, 2019