Unrated severityNVD Advisory· Published Sep 16, 2019· Updated Aug 4, 2024
CVE-2019-13140
CVE-2019-13140
Description
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Inteno/EG200description
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/47390mitreexploitx_refsource_EXPLOIT-DB
- packetstormsecurity.com/files/154494/Inteno-IOPSYS-Gateway-3DES-Key-Extraction-Improper-Access.htmlmitrex_refsource_MISC
- twitter.com/GerardFuguet/status/1169298861782896642mitrex_refsource_MISC
- www.exploit-db.com/docs/47397mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.