CVE-2019-5016

Summary

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
TalosKCodesNETGEAR Nighthawk AC3200 (R8000) Firmware Version V1.0.4.2810.1.54 (11/7/18) - NetUSB.ko 1.0.2.66affected
TalosKCodesNETGEAR Nighthawk AC3000 (R7900) Firmware Version V1.0.3.810.0.37 (11/1/18) - NetUSB.ko 1.0.2.69affected

Weaknesses

  • CWE-200: CWE-200: Information Exposure

ADP Enrichment

CVE Program Container

Additional References

References