CVE-2019-17372

Published: Oct 9, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L.

Affected (33)

Products: Netgear: Ac1450 Firmware, D8500 Firmware, Dc112a Firmware, Jndr3000 Firmware, Lg2200d Firmware, R4500 Firmware, R6200 Firmware, R6200v2 Firmware, R6250 Firmware, R6300 Firmware, R6300v2 Firmware, R6400 Firmware, R6700 Firmware, R6900p Firmware, R6900 Firmware, R7000p Firmware, R7000 Firmware, R7100lg Firmware, R7300 Firmware, R7900 Firmware, R8000 Firmware, R8300 Firmware, R8500 Firmware, Wgr614v10 Firmware, Wn2500rpv2 Firmware, Wndr3400v2 Firmware, Wndr3700v3 Firmware, Wndr4000 Firmware, Wndr4500 Firmware, Wndr4500v2 Firmware, Wnr1000 Firmware, Wnr1000v3 Firmware, Wnr3500l Firmware

33 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ac1450 Firmware	All versions

Running on/with	Platform Versions
Netgear Ac1450	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D8500 Firmware	All versions

Running on/with	Platform Versions
Netgear D8500	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Dc112a Firmware	All versions

Running on/with	Platform Versions
Netgear Dc112a	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Jndr3000 Firmware	All versions

Running on/with	Platform Versions
Netgear Jndr3000	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Lg2200d Firmware	All versions

Running on/with	Platform Versions
Netgear Lg2200d	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R4500 Firmware	All versions

Running on/with	Platform Versions
Netgear R4500	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6200 Firmware	All versions

Running on/with	Platform Versions
Netgear R6200	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6200v2 Firmware	All versions

Running on/with	Platform Versions
Netgear R6200v2	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6250 Firmware	All versions

Running on/with	Platform Versions
Netgear R6250	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6300 Firmware	All versions

Running on/with	Platform Versions
Netgear R6300	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6300v2 Firmware	All versions

Running on/with	Platform Versions
Netgear R6300v2	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6400 Firmware	All versions

Running on/with	Platform Versions
Netgear R6400	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6700 Firmware	All versions

Running on/with	Platform Versions
Netgear R6700	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6900p Firmware	All versions

Running on/with	Platform Versions
Netgear R6900p	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6900 Firmware	All versions

Running on/with	Platform Versions
Netgear R6900	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7000p Firmware	All versions

Running on/with	Platform Versions
Netgear R7000p	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7000 Firmware	All versions

Running on/with	Platform Versions
Netgear R7000	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7100lg Firmware	All versions

Running on/with	Platform Versions
Netgear R7100lg	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7300 Firmware	All versions

Running on/with	Platform Versions
Netgear R7300	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7900 Firmware	All versions

Running on/with	Platform Versions
Netgear R7900	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8000 Firmware	All versions

Running on/with	Platform Versions
Netgear R8000	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8300 Firmware	All versions

Running on/with	Platform Versions
Netgear R8300	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8500 Firmware	All versions

Running on/with	Platform Versions
Netgear R8500	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wgr614v10 Firmware	All versions

Running on/with	Platform Versions
Netgear Wgr614v10	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wn2500rpv2 Firmware	All versions

Running on/with	Platform Versions
Netgear Wn2500rpv2	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr3400v2 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr3400v2	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr3700v3 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr3700v3	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr4000 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr4000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr4500 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr4500	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr4500v2 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr4500v2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr1000 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr1000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr1000v3 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr1000v3	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr3500l Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr3500l	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://github.com/zer0yu/CVE_Request/blob/master/netgear/netgear_cgi_unauthorized_access_vulnerability.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/zer0yu/CVE_Request/blob/master/netgear/netgear_cgi_unauthorized_access_vulnerability.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.