CVE-2019-5016

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:r8000_firmware:1.0.4.28_10.1.54:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:r7900_firmware:1.0.3.810.037:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:kcodes:netusb.ko:1.0.2.66:*:*:*:*:*:*:*
cpe:2.3:a:kcodes:netusb.ko:1.0.2.69:*:*:*:*:*:*:*

History

21 Nov 2024, 04:44

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/108820 - Broken Link () http://www.securityfocus.com/bid/108820 - Broken Link
References () https://talosintelligence.com/vulnerability_reports/TALOS-2019-0775 - Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2019-0775 - Third Party Advisory

Information

Published : 2019-06-17 21:15

Updated : 2024-11-21 04:44


NVD link : CVE-2019-5016

Mitre link : CVE-2019-5016

CVE.ORG link : CVE-2019-5016


JSON object : View

Products Affected

netgear

  • r7900
  • r8000_firmware
  • r7900_firmware
  • r8000

kcodes

  • netusb.ko
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor