PT-2019-18521 · Linksys · Linksys Wrt1900Acs

T0B0Rx0R · Published 2019-06-06 · Updated 2021-07-21 · CVE-2019-7311

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linksys WRT1900ACS version 1.0.3.187766

Description

The user login cookie, admin-auth, is stored without encryption: it contains the admin password in base64, which is an encoding and not encryption, so the password is effectively cleartext. This allows a local attacker to discover the admin password and gain administrative access to the router. An attacker can exploit this by sniffing the network during login or by gaining physical access to the victim's computer soon after an administrative login.

Recommendations

For Linksys WRT1900ACS version 1.0.3.187766, as a temporary mitigation, change the admin password regularly and avoid using the same password across multiple devices. Restrict access to the router's administrative interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
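
The weakness in the description can be checked for during a device or web-application audit. The following is an added example, not code from this advisory or from Linksys: it flags cookies whose value base64-decodes to printable text, as admin-auth does here, and contrasts them with an opaque session identifier. The password, the `session` cookie name, and the assumption that the cookie value is exactly the base64 of the password are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import unquote


def recover_text(value):
    """Return the decoded text if value is base64 of printable ASCII, else None."""
    value = unquote(value)                      # undo %3D-style escaping, if any
    padded = value + "=" * (-len(value) % 4)    # tolerate stripped padding
    try:
        raw = base64.b64decode(padded, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):        # not base64, or not ASCII text
        return None
    return text if text and text.isprintable() else None


def audit_cookie_header(header):
    """Map each cookie name to the text recoverable from it (None if opaque)."""
    findings = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep:
            findings[name] = recover_text(value)
    return findings


# Constructed sample data (assumptions, not values from the advisory).
CONSTRUCTED_PASSWORD = "Constructed-Pass1"
LEAKY = base64.b64encode(CONSTRUCTED_PASSWORD.encode()).decode()
# Stand-in for a random, server-side session id: carries no recoverable secret.
OPAQUE = base64.urlsafe_b64encode(bytes(range(200, 232))).decode()
SAMPLE_HEADER = f"admin-auth={LEAKY}; session={OPAQUE}"

if __name__ == "__main__":
    for name, text in audit_cookie_header(SAMPLE_HEADER).items():
        if text is None:
            print(f"{name}: opaque value")
        else:
            # Report the finding without echoing the recovered secret.
            print(f"{name}: reversible to {len(text)} characters of text")
```

A cookie reported as reversible should be replaced by a random identifier that the server maps to session state, so that capturing the cookie never yields the password itself.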

Weakness Enumeration

Missing Encryption of Sensitive Data

Related Identifiers

CVE-2019-7311

Affected Products

Linksys Wrt1900Acs