8.1

CVE-2019-17372

Exploit

EPSS 0.51%
Published 09.10.2019 13:15:16
Last modified 21.11.2024 04:32:12
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Ac1450 Firmware Version-

Netgear ≫ Ac1450 Version-

Netgear ≫ D8500 Firmware Version-

Netgear ≫ D8500 Version-

Netgear ≫ Dc112a Firmware Version-

Netgear ≫ Dc112a Version-

Netgear ≫ Jndr3000 Firmware Version-

Netgear ≫ Jndr3000 Version-

Netgear ≫ Lg2200d Firmware Version-

Netgear ≫ Lg2200d Version-

Netgear ≫ R4500 Firmware Version-

Netgear ≫ R4500 Version-

Netgear ≫ R6200 Firmware Version-

Netgear ≫ R6200 Version-

Netgear ≫ R6200v2 Firmware Version-

Netgear ≫ R6200v2 Version-

Netgear ≫ R6250 Firmware Version-

Netgear ≫ R6250 Version-

Netgear ≫ R6300 Firmware Version-

Netgear ≫ R6300 Version-

Netgear ≫ R6300v2 Firmware Version-

Netgear ≫ R6300v2 Version-

Netgear ≫ R6400 Firmware Version-

Netgear ≫ R6400 Version-

Netgear ≫ R6700 Firmware Version-

Netgear ≫ R6700 Version-

Netgear ≫ R6900p Firmware Version-

Netgear ≫ R6900p Version-

Netgear ≫ R6900 Firmware Version-

Netgear ≫ R6900 Version-

Netgear ≫ R7000p Firmware Version-

Netgear ≫ R7000p Version-

Netgear ≫ R7000 Firmware Version-

Netgear ≫ R7000 Version-

Netgear ≫ R7100lg Firmware Version-

Netgear ≫ R7100lg Version-

Netgear ≫ R7300 Firmware Version-

Netgear ≫ R7300 Version-

Netgear ≫ R7900 Firmware Version-

Netgear ≫ R7900 Version-

Netgear ≫ R8000 Firmware Version-

Netgear ≫ R8000 Version-

Netgear ≫ R8300 Firmware Version-

Netgear ≫ R8300 Version-

Netgear ≫ R8500 Firmware Version-

Netgear ≫ R8500 Version-

Netgear ≫ Wgr614v10 Firmware Version-

Netgear ≫ Wgr614v10 Version-

Netgear ≫ Wn2500rpv2 Firmware Version-

Netgear ≫ Wn2500rpv2 Version-

Netgear ≫ Wndr3400v2 Firmware Version-

Netgear ≫ Wndr3400v2 Version-

Netgear ≫ Wndr3700v3 Firmware Version-

Netgear ≫ Wndr3700v3 Version-

Netgear ≫ Wndr4000 Firmware Version-

Netgear ≫ Wndr4000 Version-

Netgear ≫ Wndr4500 Firmware Version-

Netgear ≫ Wndr4500 Version-

Netgear ≫ Wndr4500v2 Firmware Version-

Netgear ≫ Wndr4500v2 Version-

Netgear ≫ Wnr1000 Firmware Version-

Netgear ≫ Wnr1000 Version-

Netgear ≫ Wnr1000v3 Firmware Version-

Netgear ≫ Wnr1000v3 Version-

Netgear ≫ Wnr3500l Firmware Version-

Netgear ≫ Wnr3500l Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.51%	0.636

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/zer0yu/CVE_Request/blob/master/netgear/netgear_cgi_unauthorized_access_vulnerability.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-17372

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-17372

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-17372

EUVD