CVE-2019-16340

Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:linksys:velop_whw0303_firmware:1.1.8.192419:*:*:*:*:*:*:*
cpe:2.3:h:linksys:velop_whw0303:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:linksys:velop_whw0302_firmware:1.1.8.192419:*:*:*:*:*:*:*
cpe:2.3:h:linksys:velop_whw0302:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:linksys:velop_whw0301_firmware:1.1.8.192419:*:*:*:*:*:*:*
cpe:2.3:h:linksys:velop_whw0301:-:*:*:*:*:*:*:*

Information

Published : 2019-11-21 07:15

Updated : 2021-07-21 04:39


NVD link : CVE-2019-16340

Mitre link : CVE-2019-16340


JSON object : View

CWE
CWE-425

Direct Request ('Forced Browsing')

Advertisement

dedicated server usa

Products Affected

linksys

  • velop_whw0303_firmware
  • velop_whw0303
  • velop_whw0302_firmware
  • velop_whw0301_firmware
  • velop_whw0302
  • velop_whw0301