Vulnerability Details CVE-2019-16340
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 6.4
References
- http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/WHW03_A03_Velop_Customer_Release_Notes_1.1.9.195026.txt
- https://puzzor.github.io/Linksys-Velop-Authentication-bypass
- https://www.linksys.com/us/support-article?articleNum=207568
- http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/WHW03_A03_Velop_Customer_Release_Notes_1.1.9.195026.txt
- https://puzzor.github.io/Linksys-Velop-Authentication-bypass
- https://www.linksys.com/us/support-article?articleNum=207568
Products affected by CVE-2019-16340
-
cpe:2.3:h:linksys:velop_whw0301:-
-
cpe:2.3:h:linksys:velop_whw0302:-
-
cpe:2.3:h:linksys:velop_whw0303:-
-
cpe:2.3:o:linksys:velop_whw0301_firmware:1.1.8.192419
-
cpe:2.3:o:linksys:velop_whw0302_firmware:1.1.8.192419
-
cpe:2.3:o:linksys:velop_whw0303_firmware:1.1.8.192419