PT-2020-10246 · Totolink+10 · Totolink N301Rt+17

Br0X · Published 2020-01-27 · Updated 2020-02-06 · CVE-2019-19823

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TOTOLINK A3002RU versions 2.0.0 and earlier
TOTOLINK A702R versions 2.1.3 and earlier
TOTOLINK N301RT versions 2.1.6 and earlier
TOTOLINK N302R versions 3.4.0 and earlier
TOTOLINK N300RT versions 3.4.0 and earlier
TOTOLINK N200RE versions 4.0.0 and earlier
TOTOLINK N150RT versions 3.4.0 and earlier
TOTOLINK N100RE versions 3.4.0 and earlier
Rutek RTK 11N AP versions prior to 2019-12-12
Sapido GR297n versions prior to 2019-12-12
CIK TELECOM MESH ROUTER versions prior to 2019-12-12
KCTVJEJU Wireless AP versions prior to 2019-12-12
Fibergate FGN-R2 versions prior to 2019-12-12
Hi-Wifi MAX-C300N versions prior to 2019-12-12
HCN MAX-C300N versions prior to 2019-12-12
T-broad GN-866ac versions prior to 2019-12-12
Coship EMTA AP versions prior to 2019-12-12
IO-Data WN-AC1167R versions prior to 2019-12-12

Description

The router administration interface stores cleartext administrative passwords in flash memory and in a file. This issue affects various router models.

Recommendations

For TOTOLINK A3002RU versions 2.0.0 and earlier, update the firmware to remove cleartext administrative passwords from flash memory and files.
For TOTOLINK A702R versions 2.1.3 and earlier, update the firmware to remove cleartext administrative passwords from flash memory and files.
For TOTOLINK N301RT versions 2.1.6 and earlier, update the firmware to remove cleartext administrative passwords from flash memory and files.
For TOTOLINK N302R versions 3.4.0 and earlier, update the firmware to remove cleartext administrative passwords from flash memory and files.
For TOTOLINK N300RT versions 3.4.0 and earlier, update the firmware to remove cleartext administrative passwords from flash memory and files.
For TOTOLINK N200RE versions 4.0.0 and earlier, update the firmware to remove cleartext administrative passwords from flash memory and files.
For TOTOLINK N150RT versions 3.4.0 and earlier, update the firmware to remove cleartext administrative passwords from flash memory and files.
For TOTOLINK N100RE versions 3.4.0 and earlier, update the firmware to remove cleartext administrative passwords from flash memory and files.
For Rutek RTK 11N AP versions prior to 2019-12-12, update the firmware to a version released after 2019-12-12.
For Sapido GR297n versions prior to 2019-12-12, update the firmware to a version released after 2019-12-12.
For CIK TELECOM MESH ROUTER versions prior to 2019-12-12, update the firmware to a version released after 2019-12-12.
For KCTVJEJU Wireless AP versions prior to 2019-12-12, update the firmware to a version released after 2019-12-12.
For Fibergate FGN-R2 versions prior to 2019-12-12, update the firmware to a version released after 2019-12-12.
For Hi-Wifi MAX-C300N versions prior to 2019-12-12, update the firmware to a version released after 2019-12-12.
For HCN MAX-C300N versions prior to 2019-12-12, update the firmware to a version released after 2019-12-12.
For T-broad GN-866ac versions prior to 2019-12-12, update the firmware to a version released after 2019-12-12.
For Coship EMTA AP versions prior to 2019-12-12, update the firmware to a version released after 2019-12-12.
For IO-Data WN-AC1167R versions prior to 2019-12-12, update the firmware to a version released after 2019-12-12.

Exploit

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2019-19823

Affected Products

CIK TELECOM MESH ROUTER
Coship EMTA AP
Fibergate FGN-R2
HCN MAX-C300N
Hi-Wifi MAX-C300N
IO-Data WN-AC1167R
KCTVJEJU Wireless AP
Rutek RTK 11N AP
Sapido GR297n
T-broad GN-866ac
TOTOLINK A3002RU
TOTOLINK A702R
TOTOLINK N100RE
TOTOLINK N150RT
TOTOLINK N200RE
TOTOLINK N300RT
TOTOLINK N301RT
TOTOLINK N302R