Info disclosure — CVE-2019–19007
1 min readDec 6, 2019
This vulnerability is a Information disclosure of administrator login and password present on the router IWR 3000N in 1.8.7 firmware leading to complete control of the router, as demonstrated by v1/system/user.
Proof Of Concept —
First Step —
Login in the panel of router, (admin:admin):
Second Step —
Access url http://<ip>/v1/system/user:
Third Step —
Decoder password: