CVE-2019-5016
10
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
Summary
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Talos | KCodes | NETGEAR Nighthawk AC3200 (R8000) Firmware Version V1.0.4.2810.1.54 (11/7/18) - NetUSB.ko 1.0.2.66 | affected |
| Talos | KCodes | NETGEAR Nighthawk AC3000 (R7900) Firmware Version V1.0.3.810.0.37 (11/1/18) - NetUSB.ko 1.0.2.69 | affected |
Weaknesses
- CWE-200: CWE-200: Information Exposure
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/108820
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0775
References
- http://www.securityfocus.com/bid/108820
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0775
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.