CVE-2019-5016

2019-06-17 21:15:09
CWE-200
talos
web.nvd.nist.gov
Tags: cve-2019-5016, netusb.ko, kernel module, readyshare printer, netgear nighthawk routers, denial of service, remote information disclosure, nvd

CVSS2: 6.4

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score: 8.6
Confidence: High

EPSS: 0.006
Percentile: 77.9%

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.

Affected configurations

Node: netgear r8000_firmware Match 1.0.4.28_10.1.54 AND netgear r8000 Match -
Node: netgear r7900_firmware Match 1.0.3.810.037 AND netgear r7900 Match -
Node: kcodes netusb.ko Match 1.0.2.66 OR kcodes netusb.ko Match 1.0.2.69

| Vendor | Product | Version | CPE |
|---|---|---|---|
| netgear | r8000_firmware | 1.0.4.28_10.1.54 | cpe:2.3:o:netgear:r8000_firmware:1.0.4.28_10.1.54:*:*:*:*:*:*:* |
| netgear | r8000 | - | cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:* |
| netgear | r7900_firmware | 1.0.3.810.037 | cpe:2.3:o:netgear:r7900_firmware:1.0.3.810.037:*:*:*:*:*:*:* |
| netgear | r7900 | - | cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:* |
| kcodes | netusb.ko | 1.0.2.66 | cpe:2.3:a:kcodes:netusb.ko:1.0.2.66:*:*:*:*:*:*:* |
| kcodes | netusb.ko | 1.0.2.69 | cpe:2.3:a:kcodes:netusb.ko:1.0.2.69:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "product": "KCodes",
    "vendor": "Talos",
    "versions": [
      {
        "status": "affected",
        "version": "NETGEAR Nighthawk AC3200 (R8000) Firmware Version V1.0.4.2810.1.54 (11/7/18) - NetUSB.ko 1.0.2.66"
      },
      {
        "status": "affected",
        "version": "NETGEAR Nighthawk AC3000 (R7900) Firmware Version V1.0.3.810.0.37 (11/1/18) - NetUSB.ko 1.0.2.69"
      }
    ]
  }
]
