Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-5017

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation.

Published

2019-06-17T21:15:09.877

Last Modified

2024-11-21T04:44:11.707

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-200
Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	r8000_firmware	1.0.4.28_10.1.54	Yes
Hardware	netgear	r8000	-	No
Application	kcodes	netusb.ko	1.0.2.66	Yes

References

http://www.securityfocus.com/bid/108827 Broken Link ([email protected])
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0776 Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/108827 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0776 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)