CVE-2019-7579

Name of the Vulnerable Software and Affected Versions Linksys WRT1900ACS version 1.0.3.187766

Description An issue exists where an unauthenticated user can access a confidential file setup.js.localized at the /ui/1.0.99.187766/dynamic/js/ endpoint, allowing an attacker to obtain a list of possible default guest network passwords. This list, combined with a random 2-digit number, can be used to brute force access to the router's guest network.

Recommendations For Linksys WRT1900ACS version 1.0.3.187766, consider restricting access to the /ui/1.0.99.187766/dynamic/js/ endpoint to prevent unauthorized users from accessing the setup.js.localized file until a patch is available. Additionally, changing the default guest network password to a strong, unique password can help mitigate the risk of brute force attacks.