Lucene search

MitreCVE-2019-17373

HistoryOct 09, 2019 - 1:15 p.m.

CVE-2019-17373

2019-10-0913:15:20

mitre

web.nvd.nist.gov

cve-2019-17373

netgear

unauthenticated access

critical pages

security vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.

Affected configurations

Nvd

Node

netgearmbr1515_firmwareMatch-

AND

netgearmbr1515Match-

Node

netgearmbr1516_firmwareMatch-

AND

netgearmbr1516Match-

Node

netgeardgn2200_firmwareMatch-

AND

netgeardgn2200Match-

Node

netgeardgn2200m_firmwareMatch-

AND

netgeardgn2200mMatch-

Node

netgeardgnd3700_firmwareMatch-

AND

netgeardgnd3700Match-

Node

netgearwnr2000v2_firmwareMatch-

AND

netgearwnr2000v2Match-

Node

netgearwndr3300_firmwareMatch-

AND

netgearwndr3300Match-

Node

netgearwndr3400_firmwareMatch-

AND

netgearwndr3400Match-

Node

netgearwnr3500_firmwareMatch-

AND

netgearwnr3500Match-

Node

netgearwnr834bv2_firmwareMatch-

AND

netgearwnr834bv2Match-

VendorProductVersionCPE
netgearmbr1515_firmware-cpe:2.3:o:netgear:mbr1515_firmware:-:*:*:*:*:*:*:*
netgearmbr1515-cpe:2.3:h:netgear:mbr1515:-:*:*:*:*:*:*:*
netgearmbr1516_firmware-cpe:2.3:o:netgear:mbr1516_firmware:-:*:*:*:*:*:*:*
netgearmbr1516-cpe:2.3:h:netgear:mbr1516:-:*:*:*:*:*:*:*
netgeardgn2200_firmware-cpe:2.3:o:netgear:dgn2200_firmware:-:*:*:*:*:*:*:*
netgeardgn2200-cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*
netgeardgn2200m_firmware-cpe:2.3:o:netgear:dgn2200m_firmware:-:*:*:*:*:*:*:*
netgeardgn2200m-cpe:2.3:h:netgear:dgn2200m:-:*:*:*:*:*:*:*
netgeardgnd3700_firmware-cpe:2.3:o:netgear:dgnd3700_firmware:-:*:*:*:*:*:*:*
netgeardgnd3700-cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	mbr1515_firmware	-	cpe:2.3:o:netgear:mbr1515_firmware:-:::::::*
netgear	mbr1515	-	cpe:2.3:h:netgear:mbr1515:-:::::::*
netgear	mbr1516_firmware	-	cpe:2.3:o:netgear:mbr1516_firmware:-:::::::*
netgear	mbr1516	-	cpe:2.3:h:netgear:mbr1516:-:::::::*
netgear	dgn2200_firmware	-	cpe:2.3:o:netgear:dgn2200_firmware:-:::::::*
netgear	dgn2200	-	cpe:2.3:h:netgear:dgn2200:-:::::::*
netgear	dgn2200m_firmware	-	cpe:2.3:o:netgear:dgn2200m_firmware:-:::::::*
netgear	dgn2200m	-	cpe:2.3:h:netgear:dgn2200m:-:::::::*
netgear	dgnd3700_firmware	-	cpe:2.3:o:netgear:dgnd3700_firmware:-:::::::*
netgear	dgnd3700	-	cpe:2.3:h:netgear:dgnd3700:-:::::::*

Rows per page:

1-10 of 201

References

github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

Related for CVE-2019-17373