Details of VAR-201910-1260

ID

VAR-201910-1260

CVE

CVE-2019-17372

TITLE

plural NETGEAR Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-011047

DESCRIPTION

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L. plural NETGEAR The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NETGEAR AC1450, etc. are all wireless routers of NETGEAR. A number of NETGEAR products have authorization issues. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. There is currently no detailed vulnerability details provided

Trust: 2.16

sources: NVD: CVE-2019-17372 // JVNDB: JVNDB-2019-011047 // CNVD: CNVD-2020-23147

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-23147

AFFECTED PRODUCTS

vendor:	netgear	model:	wnr1000v3	scope:	eq	version:	-	Trust: 2.2
vendor:	netgear	model:	wnr3500l	scope:	eq	version:	-	Trust: 2.2
vendor:	netgear	model:	wndr4500v2	scope:	eq	version:	-	Trust: 2.2
vendor:	netgear	model:	wndr4500	scope:	eq	version:	-	Trust: 2.2
vendor:	netgear	model:	wnr1000	scope:	eq	version:	-	Trust: 2.2
vendor:	netgear	model:	r6900p	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	wndr4000	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r4500	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	lg2200d	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	d8500	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r6300	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	dc112a	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r6250	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r7100lg	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	wgr614v10	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r8300	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	jndr3000	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	ac1450	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r6200	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r6300v2	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	wn2500rpv2	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	wndr3700v3	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r6200v2	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	r7300	scope:	eq	version:	-	Trust: 1.0
vendor:	netgear	model:	wndr3400v2	scope:	eq	version:	-	Trust: 1.0
vendor:	net gear	model:	ac1450	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	d8500	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	dc112a	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	jndr3000	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	lg2200d	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r4500	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r6200	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r6200v2	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r6250	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	r6300	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	ac1450	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	d8500	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	dc112a	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	jndr3000	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	lg2200d	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r4500	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r6200	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r6200v2	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r6250	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r6300	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r6300v2	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r6400	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r6700	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r6900p	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r6900	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r7000p	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r7000	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r7100lg	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r7300	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r7900	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r8000	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r8300	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-23147 // JVNDB: JVNDB-2019-011047 // CNNVD: CNNVD-201910-510 // NVD: CVE-2019-17372

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-17372
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-17372
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-23147
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201910-510
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-17372
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-23147
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-17372
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-17372
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-23147 // JVNDB: JVNDB-2019-011047 // CNNVD: CNNVD-201910-510 // NVD: CVE-2019-17372

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2019-011047 // NVD: CVE-2019-17372

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-510

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201910-510

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011047

PATCH

title:

Top Page

url:

https://www.netgear.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-011047

EXTERNAL IDS

db:	NVD	id:	CVE-2019-17372	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011047	Trust: 0.8
db:	CNVD	id:	CNVD-2020-23147	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-510	Trust: 0.6

sources: CNVD: CNVD-2020-23147 // JVNDB: JVNDB-2019-011047 // CNNVD: CNNVD-201910-510 // NVD: CVE-2019-17372

REFERENCES

url:	https://github.com/zer0yu/cve_request/blob/master/netgear/netgear_cgi_unauthorized_access_vulnerability.md	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17372	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17372	Trust: 0.8

sources: CNVD: CNVD-2020-23147 // JVNDB: JVNDB-2019-011047 // CNNVD: CNNVD-201910-510 // NVD: CVE-2019-17372

SOURCES

db:	CNVD	id:	CNVD-2020-23147
db:	JVNDB	id:	JVNDB-2019-011047
db:	CNNVD	id:	CNNVD-201910-510
db:	NVD	id:	CVE-2019-17372

LAST UPDATE DATE

2024-11-23T22:41:18.875000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-23147	date:	2020-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-011047	date:	2019-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201910-510	date:	2019-11-27T00:00:00
db:	NVD	id:	CVE-2019-17372	date:	2024-11-21T04:32:12.360

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-23147	date:	2020-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-011047	date:	2019-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201910-510	date:	2019-10-09T00:00:00
db:	NVD	id:	CVE-2019-17372	date:	2019-10-09T13:15:16.863