CVE-2019-19967 in Connect Box EuroDOCSIS 3.0 Voice Gateway
Summary
by MITRE
The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 12/26/2019
The vulnerability identified as CVE-2019-19967 affects the Connect Box EuroDOCSIS 3.0 Voice Gateway model CH7465LG-NCIP-6.12.18.25-2p6-NOSH, which represents a significant security weakness in network infrastructure devices. This issue manifests within the administration interface of the device, specifically through the web-based management portal that operates on port 80, exposing a critical flaw in authentication mechanisms. The vulnerability allows unauthorized access through unencrypted credential transmission, making it particularly dangerous in environments where network traffic may be intercepted or monitored.
The technical flaw involves the administration page's acceptance of cleartext passwords through POST requests, specifically targeting the xml/setter.xml URI endpoint. This design flaw violates fundamental security principles by transmitting sensitive authentication credentials without encryption, making them susceptible to interception during transmission. The vulnerability exists because the device fails to implement proper transport layer security measures for administrative communications, allowing attackers to capture passwords using network sniffing tools or man-in-the-middle attacks. This represents a direct violation of security standards that require encrypted transmission of sensitive data, particularly authentication credentials.
The operational impact of this vulnerability extends beyond simple credential theft, as it enables full administrative access to the voice gateway device. An attacker who successfully intercepts the cleartext password can gain complete control over the device's configuration, potentially leading to service disruption, data exfiltration, or the use of the device as a pivot point for further attacks within the network. The vulnerability affects the device's ability to maintain secure communications, undermining the integrity of the entire network infrastructure that relies on this gateway for voice services. This type of flaw is particularly concerning in cable network environments where such devices often serve as critical components in service delivery networks.
Mitigation strategies for this vulnerability should focus on immediate implementation of network-level protections, including mandatory use of HTTPS for all administrative communications, network segmentation to isolate management traffic, and deployment of intrusion detection systems to monitor for suspicious activity. Organizations should also implement network access controls that restrict administrative access to authorized personnel only and establish monitoring protocols to detect unauthorized access attempts. From a compliance perspective, this vulnerability directly relates to CWE-312, which addresses the exposure of sensitive information through cleartext transmission, and aligns with ATT&CK technique T1078 for valid accounts and T1566 for credential harvesting through network sniffing. The device manufacturer should be contacted for firmware updates that address this security gap, while network administrators should conduct thorough assessments of their device configurations to ensure no other similar vulnerabilities exist within their infrastructure.