CVE-2019-17373

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:mbr1515_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:mbr1515:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:mbr1516_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:mbr1516:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:dgn2200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:dgn2200m_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:dgn2200m:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:dgnd3700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:wnr2000v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr2000v2:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:wndr3300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr3300:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:wndr3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wndr3400:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:wnr3500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr3500:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:wnr834bv2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:wnr834bv2:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:32

Type Values Removed Values Added
References () https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md - Third Party Advisory () https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md - Third Party Advisory

Information

Published : 2019-10-09 13:15

Updated : 2024-11-21 04:32


NVD link : CVE-2019-17373

Mitre link : CVE-2019-17373

CVE.ORG link : CVE-2019-17373


JSON object : View

Products Affected

netgear

  • mbr1515
  • dgnd3700
  • wnr834bv2
  • dgnd3700_firmware
  • wndr3400_firmware
  • wnr3500_firmware
  • dgn2200
  • mbr1516_firmware
  • wnr2000v2
  • mbr1516
  • wndr3400
  • wndr3300
  • wnr834bv2_firmware
  • mbr1515_firmware
  • wnr3500
  • dgn2200m_firmware
  • dgn2200_firmware
  • wnr2000v2_firmware
  • wndr3300_firmware
  • dgn2200m