Vulnerabilites related to netgear - mbr1516_firmware
cve-2019-17373
Vulnerability from cvelistv5
Published
2019-10-09 12:07
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:40:15.309Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-09T12:07:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-17373", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md", refsource: "MISC", url: "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-17373", datePublished: "2019-10-09T12:07:13", dateReserved: "2019-10-09T00:00:00", dateUpdated: "2024-08-05T01:40:15.309Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2019-10-09 13:15
Modified
2024-11-21 04:32
Severity ?
Summary
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netgear | mbr1515_firmware | - | |
netgear | mbr1515 | - | |
netgear | mbr1516_firmware | - | |
netgear | mbr1516 | - | |
netgear | dgn2200_firmware | - | |
netgear | dgn2200 | - | |
netgear | dgn2200m_firmware | - | |
netgear | dgn2200m | - | |
netgear | dgnd3700_firmware | - | |
netgear | dgnd3700 | - | |
netgear | wnr2000v2_firmware | - | |
netgear | wnr2000v2 | - | |
netgear | wndr3300_firmware | - | |
netgear | wndr3300 | - | |
netgear | wndr3400_firmware | - | |
netgear | wndr3400 | - | |
netgear | wnr3500_firmware | - | |
netgear | wnr3500 | - | |
netgear | wnr834bv2_firmware | - | |
netgear | wnr834bv2 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mbr1515_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB638052-409C-4DDF-8DF9-68938F1968F7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mbr1515:-:*:*:*:*:*:*:*", matchCriteriaId: "03129881-D4E6-4509-8749-30AA2A0FF964", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:mbr1516_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A47C9274-DBBB-438D-B2CB-A64656C14B44", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:mbr1516:-:*:*:*:*:*:*:*", matchCriteriaId: "3A28B362-80CD-47DF-BE61-77FE318756AC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F7FE771C-4199-4225-B1CE-7BC10CD49F49", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*", matchCriteriaId: "37C89394-ED7D-4C5F-9573-47A0378E22C8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgn2200m_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A13538C2-75B3-44B3-AFB1-FE8A78464341", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgn2200m:-:*:*:*:*:*:*:*", matchCriteriaId: "F47DC113-247A-4EF1-BA26-0DE0F130E15D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:dgnd3700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5EB7B918-BE0F-4D06-8DEC-808440959DD7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*", matchCriteriaId: "AEC17F51-BDB8-4B30-B5E9-557CBDFDE785", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr2000v2_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "684E46F4-5C25-4A73-A045-461BEF5875A1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr2000v2:-:*:*:*:*:*:*:*", matchCriteriaId: "31247E55-E754-46D0-9A46-B0D319C21221", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F1DD8079-4C49-4C70-84DA-F1BB77E31C00", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3300:-:*:*:*:*:*:*:*", matchCriteriaId: "D5EFA6F2-B466-41DD-AAD6-10CE70DC6CC4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wndr3400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EAE2C525-B967-4266-8A04-C248075C74E7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wndr3400:-:*:*:*:*:*:*:*", matchCriteriaId: "223685E0-7DF2-45A6-A9A7-11FA5BFEA3DB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr3500_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "90AA886C-2ECA-43C5-93D5-C092747047E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr3500:-:*:*:*:*:*:*:*", matchCriteriaId: "C33815C7-7CD6-4E07-9180-1EBA55F0D4B7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netgear:wnr834bv2_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "444537A0-6EBE-40E4-9223-6075FDD7289B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netgear:wnr834bv2:-:*:*:*:*:*:*:*", matchCriteriaId: "0B83E1B8-F543-4678-8168-3D9E465BEB7D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.", }, { lang: "es", value: "Determinados dispositivos NETGEAR permiten el acceso no autenticado a páginas críticas .cgi y .htm por medio de una subcadena que termina con .jpg, tal y como al agregar ?x=1.jpg en una URL. Esto afecta a MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500 y WNR834Bv2.", }, ], id: "CVE-2019-17373", lastModified: "2024-11-21T04:32:12.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-09T13:15:20.193", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }