All the vulnerabilites related to netgear - mbr1515
cve-2019-17373
Vulnerability from cvelistv5
Published
2019-10-09 12:07
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:15.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T12:07:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md",
"refsource": "MISC",
"url": "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17373",
"datePublished": "2019-10-09T12:07:13",
"dateReserved": "2019-10-09T00:00:00",
"dateUpdated": "2024-08-05T01:40:15.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201910-1261
Vulnerability from variot
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2. plural NETGEAR The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NETGEAR MBR1515 is a wireless router of NETGEAR.
A number of NETGEAR products have authorization issues. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. There is currently no detailed vulnerability details provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1261",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wnr2000v2",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3400",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wnr834bv2",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "dgn2200m",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "mbr1516",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wnr3500",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3300",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "mbr1515",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "dgn2200",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "dgnd3700",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "dgn2200",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "dgn2200m",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "dgnd3700",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "mbr1515",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "mbr1516",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "wndr3300",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "wndr3400",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "wnr2000v2",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "wnr3500",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "wnr834bv2",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "dgnd3700",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "dgn2200",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnr3500l",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3300",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3400",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "mbr1516",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "mbr1515",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "NVD",
"id": "CVE-2019-17373"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:mbr1515_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:mbr1515:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:mbr1516_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:mbr1516:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:dgn2200_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:dgn2200m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:dgn2200m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:dgnd3700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr2000v2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr2000v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndr3300_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndr3300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wndr3400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wndr3400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr3500_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr3500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:wnr834bv2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnr834bv2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17373"
}
]
},
"cve": "CVE-2019-17373",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-17373",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-23146",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-17373",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-17373",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-23146",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-514",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "NVD",
"id": "CVE-2019-17373"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-514"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2. plural NETGEAR The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NETGEAR MBR1515 is a wireless router of NETGEAR. \n\r\n\r\nA number of NETGEAR products have authorization issues. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. There is currently no detailed vulnerability details provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17373"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "CNVD",
"id": "CNVD-2020-23146"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17373",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-23146",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-514",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "NVD",
"id": "CVE-2019-17373"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-514"
}
]
},
"id": "VAR-201910-1261",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
}
],
"trust": 1.26238279
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
}
]
},
"last_update_date": "2023-12-18T12:27:56.299000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.netgear.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "NVD",
"id": "CVE-2019-17373"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/zer0yu/cve_request/blob/master/netgear/netgear_web_interface_exists_authentication_bypass.md"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17373"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17373"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "NVD",
"id": "CVE-2019-17373"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-514"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "NVD",
"id": "CVE-2019-17373"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-514"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"date": "2019-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"date": "2019-10-09T13:15:20.193000",
"db": "NVD",
"id": "CVE-2019-17373"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-514"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"date": "2019-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-17373"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-514"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-514"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Authentication vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-514"
}
],
"trust": 0.6
}
}
var-202006-1925
Vulnerability from variot
NETGEAR is a computer network equipment developer founded in 1996 and headquartered in San Jose, California.
Many NETGEAR devices have unauthorized remote code execution vulnerabilities. Attackers can use the vulnerability to execute commands directly.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1925",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac1450 v1.0.0.6 1.0.3-v1.0.0.36 10.0.17",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "d6220 v1.0.0.16 1.0.16-v1.0.0.52 1.0.52",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "d6300b v1.0.0.16 1.0.16-v1.0.0.102 1.0.102",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "d6400 v1.0.0.22 1.0.22-v1.0.0.88 1.0.88",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "d7000v2 v1.0.0.38 1.0.1-v1.0.0.56 1.0.1",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "dc112a v1.0.0.24 1.0.60-v1.0.0.44 1.0.60",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "dgn2200 v1.0.0.36 7.0.36-v1.0.0.58 7.0.57",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "dgn2200v4 v1.0.0.5 5.0.3-v1.0.0.110 1.0.110",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "dgn2200m v1.0.0.24 1.0.20na-v1.0.0.37 1.0.21ww",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "dgnd3700 v1.0.0.12 1.0.12na-v1.0.0.17 1.0.17",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "ex3700 v1.0.0.22 1.0.17-v1.0.0.78 1.0.51",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "ex3800 v1.0.0.26 1.0.19-v1.0.0.78 1.0.51",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "ex3920 v1.0.0.26 1.0.19-v1.0.0.78 1.0.51",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "ex6000 v1.0.0.10 1.0.6-v1.0.0.38 1.0.22",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "ex6100 v1.0.0.22 1.0.51-v1.0.2.24 1.1.134",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "ex6120 v1.0.0.4 1.0.2-v1.0.0.48 1.0.30",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "ex6130 v1.0.0.12 1.0.7-v1.0.0.30 1.0.17",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "ex6150 v1.0.0.14 1.0.54-v1.0.0.42 1.0.73",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "ex6200 v1.0.0.38 1.1.52-v1.0.3.90 1.1.125",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "ex6920 v1.0.0.4 1.0.2-v1.0.0.40 1.0.25",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "ex7000 v1.0.0.30 1.0.72-v1.0.1.84 1.0.148",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "lg2200d v1.0.0.57 1.0.40",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "mbm621",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "v1.1.3"
},
{
"model": "mbr624gu v6.00.22.12-v6.01.30.64ww",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "mbr1200",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "v1.2.2.53"
},
{
"model": "mbr1515",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "v1.2.2.68"
},
{
"model": "mbr1516 v1.2.2.84bm",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "mbrn3000 v1.0.0.43na-v1.0.0.74 2.0.12ww",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "mvbr1210c v1.2.0.35bm",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r4500 v1.0.0.4 1.0.3",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6200 v1.0.0.18 1.0.18-v1.0.1.58 1.0.44",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6200v2 v1.0.1.14 1.0.14-v1.0.3.12 10.1.11",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6250 v1.0.0.62 1.0.62-v1.0.4.38 10.1.30",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6300 v1.0.0.68 1.0.16-v1.0.2.80 1.0.59",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6300v2 v1.0.1.72 1.0.21-v1.0.4.36 10.0.93",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6400 v1.0.0.14 1.0.8-v1.0.1.52 1.0.36",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6400v2 v1.0.2.14 1.0.7-v1.0.4.84 10.0.58",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6700 v1.0.0.2 1.0.1-v1.0.2.8 10.0.53",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6700v3 v1.0.2.52 1.0.39-v1.0.4.84 10.0.58",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6900 v1.0.0.2 1.0.2-v1.0.2.8 10.0.38",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r6900p v1.0.0.46 1.0.30-v1.3.1.64 10.1.36",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r7000 v1.0.0.96 1.0.15-v1.0.11.100 10.2.100",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r7000p v1.0.0.44 1.0.27-v1.3.1.64 10.1.36",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r7100lg v1.0.0.24 1.0.6-v1.0.0.52 1.0.6",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r7300 v1.0.0.26 1.0.6-v1.0.0.74 1.0.29",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r7850 v1.0.4.42 10.0.1-v1.0.5.48 10.0.4",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r7900 v1.0.0.2 10.0.1-v1.0.4.22 10.0.44",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r8300 v1.0.2.48 1.0.52-v1.0.2.130 1.0.99",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r8500 v1.0.0.28 1.0.15-v1.0.2.130 1.0.99",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wgr614v8 v1.1.20 7.0.37na-v1.2.10 21.0.52",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wgr614v9 v1.0.9 1.0.1na-v1.2.32 43.0.46",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wgr614v10 v1.0.2.18 47.0.52na-v1.0.2.66 60.0.90",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wgt624v4 v2.0.6 2.0.6na-v2.0.13 2.0.15na",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wn2500rpv2 v1.0.0.24 1.0.53-v1.0.0.30 1.0.58",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wn2500rpv2 v1.0.0.30 1.0.41-v1.0.1.54 1.0.68",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wn3000rp v1.0.0.12 1.0.12-v1.0.2.64 1.1.86",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wn3100rpv2 v1.0.0.6 1.0.12-v1.0.0.20 1.0.22",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wn3500rp v1.0.0.12 1.0.49-v1.0.0.22 1.0.62",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnce3001 v1.0.0.38-v1.0.0.50 1.0.35",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3300v2 v1.0.0.26 11.0.26na",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3400 v1.0.0.34 15.0.42-v1.0.0.52 20.0.60",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3400v2 v1.0.0.54 1.0.82",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3400v3 v1.0.0.20 1.0.28-v1.0.1.24 1.0.67",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3700v3 v1.0.0.18 1.0.14-v1.0.0.42 1.0.33",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr4000 v1.0.0.66 8.0.55-v1.0.2.10 9.1.89",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr4500 v1.0.0.40 1.0.10-v1.0.1.46 1.0.76",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr4500v2 v1.0.0.26 1.0.16-v1.0.0.72 1.0.45",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnr834bv2 v1.0.32 1.0.32na-v2.1.13 2.1.13",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnr1000v3 v1.0.2.4 39.0.39-v1.0.2.72 60.0.96",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnr2000v2 v1.0.0.34 29.0.45na-v1.2.0.8 36.0.60",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnr3500 v1.0.10 1.0.10na-v1.0.36 8.0.36na",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnr3500v2 v1.0.0.64 11.0.51na-v1.2.2.28 25.0.85",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnr3500l v1.0.0.86 13.0.75na-v1.2.2.48 35.0.55na",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnr3500lv2 v1.0.0.10-v1.2.0.56 50.0.96",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "xr300 v1.0.1.4 10.1.4-v1.0.3.38 10.3.30",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "r8000 v1.0.0.46 1.0.17-v1.0.4.46 10.1.63",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "rs400 v1.5.0.34 10.0.33",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3300 v1.0.14na-v1.0.45 1.0.45",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34628"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34628",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2020-34628",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34628"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR is a computer network equipment developer founded in 1996 and headquartered in San Jose, California.\n\r\n\r\nMany NETGEAR devices have unauthorized remote code execution vulnerabilities. Attackers can use the vulnerability to execute commands directly.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34628"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SEEBUG",
"id": "SSVID-98253",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-34628",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34628"
}
]
},
"id": "VAR-202006-1925",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34628"
}
],
"trust": 1.5166666666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34628"
}
]
},
"last_update_date": "2022-05-17T02:01:00.901000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "https://github.com/grimm-co/notquite0dayfriday/tree/master/2020.06.15-netgear"
},
{
"trust": 0.6,
"url": "https://www.seebug.org/vuldb/ssvid-98253"
},
{
"trust": 0.6,
"url": "https://www.zoomeye.org/searchresult?q=service%3a%22http%22service%3a%"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34628"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-34628"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34628"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34628"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unauthorized remote code execution vulnerability in multiple Netgear devices",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34628"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2019-10-09 13:15
Modified
2024-11-21 04:32
Severity ?
Summary
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | mbr1515_firmware | - | |
| netgear | mbr1515 | - | |
| netgear | mbr1516_firmware | - | |
| netgear | mbr1516 | - | |
| netgear | dgn2200_firmware | - | |
| netgear | dgn2200 | - | |
| netgear | dgn2200m_firmware | - | |
| netgear | dgn2200m | - | |
| netgear | dgnd3700_firmware | - | |
| netgear | dgnd3700 | - | |
| netgear | wnr2000v2_firmware | - | |
| netgear | wnr2000v2 | - | |
| netgear | wndr3300_firmware | - | |
| netgear | wndr3300 | - | |
| netgear | wndr3400_firmware | - | |
| netgear | wndr3400 | - | |
| netgear | wnr3500_firmware | - | |
| netgear | wnr3500 | - | |
| netgear | wnr834bv2_firmware | - | |
| netgear | wnr834bv2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mbr1515_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB638052-409C-4DDF-8DF9-68938F1968F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mbr1515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03129881-D4E6-4509-8749-30AA2A0FF964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mbr1516_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A47C9274-DBBB-438D-B2CB-A64656C14B44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mbr1516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A28B362-80CD-47DF-BE61-77FE318756AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dgn2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7FE771C-4199-4225-B1CE-7BC10CD49F49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C89394-ED7D-4C5F-9573-47A0378E22C8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dgn2200m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A13538C2-75B3-44B3-AFB1-FE8A78464341",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dgn2200m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F47DC113-247A-4EF1-BA26-0DE0F130E15D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dgnd3700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB7B918-BE0F-4D06-8DEC-808440959DD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC17F51-BDB8-4B30-B5E9-557CBDFDE785",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2000v2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "684E46F4-5C25-4A73-A045-461BEF5875A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2000v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31247E55-E754-46D0-9A46-B0D319C21221",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr3300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1DD8079-4C49-4C70-84DA-F1BB77E31C00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5EFA6F2-B466-41DD-AAD6-10CE70DC6CC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr3400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAE2C525-B967-4266-8A04-C248075C74E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "223685E0-7DF2-45A6-A9A7-11FA5BFEA3DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr3500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90AA886C-2ECA-43C5-93D5-C092747047E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33815C7-7CD6-4E07-9180-1EBA55F0D4B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr834bv2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "444537A0-6EBE-40E4-9223-6075FDD7289B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr834bv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B83E1B8-F543-4678-8168-3D9E465BEB7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR permiten el acceso no autenticado a p\u00e1ginas cr\u00edticas .cgi y .htm por medio de una subcadena que termina con .jpg, tal y como al agregar ?x=1.jpg en una URL. Esto afecta a MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500 y WNR834Bv2."
}
],
"id": "CVE-2019-17373",
"lastModified": "2024-11-21T04:32:12.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-09T13:15:20.193",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}