CVE-2019-5017

Published: Jun 17, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation.

Affected (2)

Products: Netgear: R8000 Firmware · Kcodes: Netusb.ko

1 product

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8000 Firmware	Version 1.0.4.28_10.1.54

Running on/with	Platform Versions
Netgear R8000	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Kcodes Netusb.ko	Version 1.0.2.66

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/108827

Source: talos-cna@cisco.com

Broken Link

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0776

Source: talos-cna@cisco.com

Third Party Advisory

http://www.securityfocus.com/bid/108827

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0776

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.