CVE-2019-5016
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
17/06/2019
Last modified:
13/06/2022
Description
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:netgear:r8000_firmware:1.0.4.28_10.1.54:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r7900_firmware:1.0.3.810.037:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:kcodes:netusb.ko:1.0.2.66:*:*:*:*:*:*:* | ||
| cpe:2.3:a:kcodes:netusb.ko:1.0.2.69:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page