CVE-2019-7311

{"id": "CVE-2019-7311", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-06-06T16:29:01.823", "references": [{"url": "http://www.x0rsecurity.com/2019/05/03/my-first-cve-linksys-wrt-1300-acs-cve-2019-7311/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://robot-security.blogspot.com", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored in base64 cleartext in an \"admin-auth\" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access to the victim's computer soon after an administrative login could result in compromise."}, {"lang": "es", "value": "Fue encontrado un problema en los dispositivos Linksys WRT1900ACS versi\u00f3n 1.0.3.187766. La falta de cifrado en la forma en que la cookie de inicio de sesi\u00f3n del usuario (admin-auth) es almacenada en la computadora de la v\u00edctima hace que un atacante local pueda descubrir la contrase\u00f1a del administrador y la pueda usar para obtener acceso administrativo al enrutador de la v\u00edctima. La contrase\u00f1a de administrador es almacenada en texto sin cifrar base64 en una cookie \"admin-auth\". Un atacante que esp\u00eda la red en el momento de iniciar sesi\u00f3n podr\u00eda adquirir la contrase\u00f1a de administrador del enrutador. Alternativamente, obtener acceso f\u00edsico a la computadora de la v\u00edctima poco despu\u00e9s de un inicio de sesi\u00f3n administrativo podr\u00eda resultar en un peligro."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linksys:wrt1900acs_firmware:1.0.3.187766:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B7E340D-05C2-489B-8C7B-BB4010F4736C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:linksys:wrt1900acs:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "644BB3FE-F8D7-4495-B42F-624666782F77"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}