How severe is CVE-2019-7311?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2019-7311?

This is classified as CWE-311, which is a common weakness in software security.

CVE-2019-7311

HIGH Year: 2019

CVSS v3 Score

7.8

High

CVSS v2 Score

7.2

High

Weakness Type

CWE-311

View all →

Vulnerability Description

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored in base64 cleartext in an "admin-auth" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access to the victim's computer soon after an administrative login could result in compromise.

CVE-2019-1003048

HIGH

CVSS:7.8(High)

A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.

CWE-3112019

CVE-2022-41627

HIGH

CVSS:7.6(High)

The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Exploiting this vulnerability could all...

CWE-3112022

CVE-2007-4961

HIGH

CVSS:7.5(High)

The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd fie...

CWE-3112007

CVE-2016-10557

HIGH

CVSS:8.1(High)

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause ...

CWE-3112016

CVE-2016-10558

HIGH

CVSS:8.1(High)

aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause...

CWE-3112016

CVE-2016-10559

HIGH

CVSS:8.1(High)

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable ...

CWE-3112016

CVE-2019-7311

Vulnerability Description

Related Vulnerabilities

CVE-2019-1003048

CVE-2022-41627

CVE-2007-4961

CVE-2016-10557

CVE-2016-10558

CVE-2016-10559