CVE-2019-5016

Published: Jun 17, 2019Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.

Affected (4)

Products: Netgear: R8000 Firmware, R7900 Firmware · Kcodes: Netusb.ko

2 products

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8000 Firmware	Version 1.0.4.28_10.1.54

Running on/with	Platform Versions
Netgear R8000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7900 Firmware	Version 1.0.3.810.037

Running on/with	Platform Versions
Netgear R7900	All versions

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Kcodes Netusb.ko	Version 1.0.2.66
Kcodes Netusb.ko	Version 1.0.2.69

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/108820

Source: talos-cna@cisco.com

Broken Link

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0775

Source: talos-cna@cisco.com

Third Party Advisory

http://www.securityfocus.com/bid/108820

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0775

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.