CVE-2019-6972 Information

Description

An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, wordlist, or rainbow table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the username is cleartext and the password is hashed with the MD5 algorithm (after decoding of the URL-encoded string with base64).

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/MalFuzzer/Vulnerability-Research/blob/master/TL-WR1043ND20V220-20TP-LINK/TL-WR1043ND_PoC.pdf

https://twitter.com/MalFuzzer/status/1141269335685652480?s=19

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
