Details of VAR-E-201906-0016

ID

VAR-E-201906-0016

CVE

cve_id:

CVE-2019-5017

Trust: 0.3

sources: BID: 108827

TITLE

KCodes NetUSB CVE-2019-5017 Information Disclosure Vulnerability

Trust: 0.3

sources: BID: 108827

DESCRIPTION

KCodes NetUSB is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
KCodes NetUSB.ko versions 1.0.2.66 and 1.0.2.69 are vulnerable; other versions may also be affected.

Trust: 0.3

sources: BID: 108827

AFFECTED PRODUCTS

vendor:	netgear	model:	ac3200 nighthawk	scope:	eq	version:	1.0.4.2810.1.54	Trust: 0.3
vendor:	netgear	model:	ac3000 nighthawk	scope:	eq	version:	1.0.3.810.0.37	Trust: 0.3
vendor:	kcodes	model:	netusb.ko	scope:	eq	version:	1.0.2.69	Trust: 0.3
vendor:	kcodes	model:	netusb.ko	scope:	eq	version:	1.0.2.66	Trust: 0.3

sources: BID: 108827

EXPLOIT

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Trust: 0.3

sources: BID: 108827

PRICE

Free

Trust: 0.3

sources: BID: 108827

TYPE

Design Error

Trust: 0.3

sources: BID: 108827

CREDITS

Dave McDaniel of Cisco Talos.

Trust: 0.3

sources: BID: 108827

EXTERNAL IDS

db:	TALOS	id:	TALOS-2019-0776	Trust: 0.3
db:	NVD	id:	CVE-2019-5017	Trust: 0.3
db:	BID	id:	108827	Trust: 0.3

sources: BID: 108827

REFERENCES

url:	https://www.talosintelligence.com/vulnerability_reports/talos-2019-0776	Trust: 0.3
url:	https://www.kcodes.com/	Trust: 0.3
url:	http://www.netgear.com/	Trust: 0.3
url:	https://kb.netgear.com/000061024/security-advisory-for-kcodes-netusb-unauthenticated-remote-kernel-vulnerabilities-on-r7900-and-r8000-routers-psv-2019-0029	Trust: 0.3

sources: BID: 108827

SOURCES

db:

BID

id:

108827

LAST UPDATE DATE

2022-07-27T09:34:51.697000+00:00

SOURCES UPDATE DATE

db:

BID

id:

108827

date:

2019-06-17T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

108827

date:

2019-06-17T00:00:00