CVE-2019-17373

Published: Oct 9, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.

Affected (10)

Products: Netgear: Mbr1515 Firmware, Mbr1516 Firmware, Dgn2200 Firmware, Dgn2200m Firmware, Dgnd3700 Firmware, Wnr2000v2 Firmware, Wndr3300 Firmware, Wndr3400 Firmware, Wnr3500 Firmware, Wnr834bv2 Firmware

10 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Mbr1515 Firmware	All versions

Running on/with	Platform Versions
Netgear Mbr1515	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Mbr1516 Firmware	All versions

Running on/with	Platform Versions
Netgear Mbr1516	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Dgn2200 Firmware	All versions

Running on/with	Platform Versions
Netgear Dgn2200	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Dgn2200m Firmware	All versions

Running on/with	Platform Versions
Netgear Dgn2200m	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Dgnd3700 Firmware	All versions

Running on/with	Platform Versions
Netgear Dgnd3700	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr2000v2 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr2000v2	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr3300 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr3300	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr3400 Firmware	All versions

Running on/with	Platform Versions
Netgear Wndr3400	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr3500 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr3500	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr834bv2 Firmware	All versions

Running on/with	Platform Versions
Netgear Wnr834bv2	All versions

References (2)

https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md

Source: cve@mitre.org

Third Party Advisory

https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.