ID

VAR-201910-1261


CVE

CVE-2019-17373


TITLE

Authentication vulnerabilities in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-011048

DESCRIPTION

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2. Multiple NETGEAR devices contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). NETGEAR MBR1515 is a wireless router from NETGEAR. A number of NETGEAR products have authorization issues. The vulnerability stems from missing or insufficiently strong authentication measures in network systems or products. No detailed vulnerability information is currently available.

Trust: 2.16

sources: NVD: CVE-2019-17373 // JVNDB: JVNDB-2019-011048 // CNVD: CNVD-2020-23146

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-23146

AFFECTED PRODUCTS

vendor: netgear, model: wndr3400, scope: eq, version: -

Trust: 1.0

vendor: netgear, model: wnr3500, scope: eq, version: -

Trust: 1.0

vendor: netgear, model: mbr1515, scope: eq, version: -

Trust: 1.0

vendor: netgear, model: dgn2200, scope: eq, version: -

Trust: 1.0

vendor: netgear, model: wnr834bv2, scope: eq, version: -

Trust: 1.0

vendor: netgear, model: wnr2000v2, scope: eq, version: -

Trust: 1.0

vendor: netgear, model: dgnd3700, scope: eq, version: -

Trust: 1.0

vendor: netgear, model: dgn2200m, scope: eq, version: -

Trust: 1.0

vendor: netgear, model: wndr3300, scope: eq, version: -

Trust: 1.0

vendor: netgear, model: mbr1516, scope: eq, version: -

Trust: 1.0

vendor: net gear, model: dgn2200, scope: -, version: -

Trust: 0.8

vendor: net gear, model: dgn2200m, scope: -, version: -

Trust: 0.8

vendor: net gear, model: dgnd3700, scope: -, version: -

Trust: 0.8

vendor: net gear, model: mbr1515, scope: -, version: -

Trust: 0.8

vendor: net gear, model: mbr1516, scope: -, version: -

Trust: 0.8

vendor: net gear, model: wndr3300, scope: -, version: -

Trust: 0.8

vendor: net gear, model: wndr3400, scope: -, version: -

Trust: 0.8

vendor: net gear, model: wnr2000v2, scope: -, version: -

Trust: 0.8

vendor: net gear, model: wnr3500, scope: -, version: -

Trust: 0.8

vendor: net gear, model: wnr834bv2, scope: -, version: -

Trust: 0.8

vendor: netgear, model: dgnd3700, scope: -, version: -

Trust: 0.6

vendor: netgear, model: dgn2200, scope: -, version: -

Trust: 0.6

vendor: netgear, model: wnr3500l, scope: -, version: -

Trust: 0.6

vendor: netgear, model: wndr3300, scope: -, version: -

Trust: 0.6

vendor: netgear, model: wndr3400, scope: -, version: -

Trust: 0.6

vendor: netgear, model: mbr1516, scope: -, version: -

Trust: 0.6

vendor: netgear, model: mbr1515, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-23146 // JVNDB: JVNDB-2019-011048 // NVD: CVE-2019-17373

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-17373
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-17373
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-23146
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-514
value: CRITICAL

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-17373
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-23146
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2019-17373
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-17373
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-23146 // JVNDB: JVNDB-2019-011048 // CNNVD: CNNVD-201910-514 // NVD: CVE-2019-17373

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2019-011048 // NVD: CVE-2019-17373

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-514

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201910-514

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011048

PATCH

title: Top Page, url: https://www.netgear.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-011048

EXTERNAL IDS

db: NVD, id: CVE-2019-17373

Trust: 3.0

db: JVNDB, id: JVNDB-2019-011048

Trust: 0.8

db: CNVD, id: CNVD-2020-23146

Trust: 0.6

db: CNNVD, id: CNNVD-201910-514

Trust: 0.6

sources: CNVD: CNVD-2020-23146 // JVNDB: JVNDB-2019-011048 // CNNVD: CNNVD-201910-514 // NVD: CVE-2019-17373

REFERENCES

url:https://github.com/zer0yu/cve_request/blob/master/netgear/netgear_web_interface_exists_authentication_bypass.md

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17373

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17373

Trust: 0.8

sources: CNVD: CNVD-2020-23146 // JVNDB: JVNDB-2019-011048 // CNNVD: CNNVD-201910-514 // NVD: CVE-2019-17373

SOURCES

db: CNVD, id: CNVD-2020-23146
db: JVNDB, id: JVNDB-2019-011048
db: CNNVD, id: CNNVD-201910-514
db: NVD, id: CVE-2019-17373

LAST UPDATE DATE

2024-11-23T21:51:51.903000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-23146, date: 2020-04-16T00:00:00
db: JVNDB, id: JVNDB-2019-011048, date: 2019-10-28T00:00:00
db: CNNVD, id: CNNVD-201910-514, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-17373, date: 2024-11-21T04:32:12.537

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-23146, date: 2020-04-16T00:00:00
db: JVNDB, id: JVNDB-2019-011048, date: 2019-10-28T00:00:00
db: CNNVD, id: CNNVD-201910-514, date: 2019-10-09T00:00:00
db: NVD, id: CVE-2019-17373, date: 2019-10-09T13:15:20.193