( Note: A “salt” is randomly generated data used in password encryption.) Related to CVE-2019-3915, this is possible since the router’s web interface is not secured by HTTPS, allowing an attacker to sniff out and duplicate the login requests. From there, they can execute CVE-2019-3914 to gain full control of the router.ĬVE-2019-3916 – This flaw allows an attacker to steal the value of the password salt used for the administrator interface then use a brute force dictionary attack to unlock the original password.
Since the router’s web interface is not secured by HTTPS, the attacker could sniff the requests and replay them. An attacker can also launch this attack in some cases where remote administration on the router is enabled.ĬVE-2019-3915 – This flaw allows an attacker to gain access to the router’s web interface by intercepting login requests. To pull this off, the attacker has to be authenticated by the router’s web administration interface and has to be connected to your local network already.
CVE-2019-3914 – A flaw that could allow an attacker to inject commands on the router’s operating system.
0 kommentar(er)
