Vulnerabilites related to netgear - wndr3300
var-201312-0602
Vulnerability from variot
Netgear is a well-known manufacturer of network equipment. Its router products are mainly used for enterprises and individual users.
Many routers produced by NetGear have backdoors. The backdoor is the super user and password set by the manufacturer. The attacker can use the backdoor to obtain the root authority of the router in the adjacent network, and then implant the Trojan horse to completely control the user's router. Subsequent dns hijacking attacks can be launched.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0602",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r6300",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "v2"
},
{
"model": "r6300",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "v1"
},
{
"model": "wndr3300",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3400",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "v2"
},
{
"model": "wndr3700 router",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3800",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr4300",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr4500",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnr3500l",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnr3500l",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "v2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15013"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2013-15013",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-15013",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15013"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear is a well-known manufacturer of network equipment. Its router products are mainly used for enterprises and individual users.\r\n\r\n\r\nMany routers produced by NetGear have backdoors. The backdoor is the super user and password set by the manufacturer. The attacker can use the backdoor to obtain the root authority of the router in the adjacent network, and then implant the Trojan horse to completely control the user\u0027s router. Subsequent dns hijacking attacks can be launched.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15013"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-15013",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15013"
}
]
},
"id": "VAR-201312-0602",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15013"
}
],
"trust": 1.4353004999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15013"
}
]
},
"last_update_date": "2022-05-04T10:16:42.620000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Many NetGear routers have backdoor vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/44671"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15013"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-15013"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15013"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15013"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Many NetGear routers have backdoor vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15013"
}
],
"trust": 0.6
}
}
var-201910-1261
Vulnerability from variot
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2. plural NETGEAR The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NETGEAR MBR1515 is a wireless router of NETGEAR.
A number of NETGEAR products have authorization issues. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. There is currently no detailed vulnerability details provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1261",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndr3400",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wnr3500",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "mbr1515",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "dgn2200",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wnr834bv2",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wnr2000v2",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "dgnd3700",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "dgn2200m",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3300",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "mbr1516",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "dgn2200",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "dgn2200m",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "dgnd3700",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "mbr1515",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "mbr1516",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "wndr3300",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "wndr3400",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "wnr2000v2",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "wnr3500",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "wnr834bv2",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "dgnd3700",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "dgn2200",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wnr3500l",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3300",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "wndr3400",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "mbr1516",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
},
{
"model": "mbr1515",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "NVD",
"id": "CVE-2019-17373"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:dgn2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:dgn2200m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:dgnd3700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:mbr1515_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:mbr1516_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndr3300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wndr3400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnr2000v2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnr3500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wnr834bv2_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
}
]
},
"cve": "CVE-2019-17373",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-17373",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-23146",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-17373",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-17373",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-17373",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-17373",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-23146",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-514",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-514"
},
{
"db": "NVD",
"id": "CVE-2019-17373"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2. plural NETGEAR The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NETGEAR MBR1515 is a wireless router of NETGEAR. \n\r\n\r\nA number of NETGEAR products have authorization issues. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. There is currently no detailed vulnerability details provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17373"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "CNVD",
"id": "CNVD-2020-23146"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17373",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-23146",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-514",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-514"
},
{
"db": "NVD",
"id": "CVE-2019-17373"
}
]
},
"id": "VAR-201910-1261",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
}
],
"trust": 1.26238279
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
}
]
},
"last_update_date": "2024-11-23T21:51:51.903000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.netgear.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "NVD",
"id": "CVE-2019-17373"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/zer0yu/cve_request/blob/master/netgear/netgear_web_interface_exists_authentication_bypass.md"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17373"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17373"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-514"
},
{
"db": "NVD",
"id": "CVE-2019-17373"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-514"
},
{
"db": "NVD",
"id": "CVE-2019-17373"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"date": "2019-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-514"
},
{
"date": "2019-10-09T13:15:20.193000",
"db": "NVD",
"id": "CVE-2019-17373"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23146"
},
{
"date": "2019-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011048"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-514"
},
{
"date": "2024-11-21T04:32:12.537000",
"db": "NVD",
"id": "CVE-2019-17373"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-514"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Authentication vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011048"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-514"
}
],
"trust": 0.6
}
}
var-202106-2160
Vulnerability from variot
The NETGEAR WNDR3300 router is a wireless router device.
The NETGEAR WNDR3300 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-2160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wndr3300",
"scope": null,
"trust": 0.6,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37295"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-37295",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2021-37295",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37295"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The NETGEAR WNDR3300 router is a wireless router device.\n\r\n\r\nThe NETGEAR WNDR3300 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37295"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-37295",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37295"
}
]
},
"id": "VAR-202106-2160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37295"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37295"
}
]
},
"last_update_date": "2022-05-04T09:21:18.845000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-37295"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37295"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37295"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR WNDR3300 router has weak password vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37295"
}
],
"trust": 0.6
}
}
cve-2019-17373
Vulnerability from cvelistv5
Published
2019-10-09 12:07
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:15.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T12:07:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md",
"refsource": "MISC",
"url": "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17373",
"datePublished": "2019-10-09T12:07:13",
"dateReserved": "2019-10-09T00:00:00",
"dateUpdated": "2024-08-05T01:40:15.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-10-09 13:15
Modified
2024-11-21 04:32
Severity ?
Summary
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | mbr1515_firmware | - | |
| netgear | mbr1515 | - | |
| netgear | mbr1516_firmware | - | |
| netgear | mbr1516 | - | |
| netgear | dgn2200_firmware | - | |
| netgear | dgn2200 | - | |
| netgear | dgn2200m_firmware | - | |
| netgear | dgn2200m | - | |
| netgear | dgnd3700_firmware | - | |
| netgear | dgnd3700 | - | |
| netgear | wnr2000v2_firmware | - | |
| netgear | wnr2000v2 | - | |
| netgear | wndr3300_firmware | - | |
| netgear | wndr3300 | - | |
| netgear | wndr3400_firmware | - | |
| netgear | wndr3400 | - | |
| netgear | wnr3500_firmware | - | |
| netgear | wnr3500 | - | |
| netgear | wnr834bv2_firmware | - | |
| netgear | wnr834bv2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mbr1515_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB638052-409C-4DDF-8DF9-68938F1968F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mbr1515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03129881-D4E6-4509-8749-30AA2A0FF964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:mbr1516_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A47C9274-DBBB-438D-B2CB-A64656C14B44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:mbr1516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A28B362-80CD-47DF-BE61-77FE318756AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dgn2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7FE771C-4199-4225-B1CE-7BC10CD49F49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37C89394-ED7D-4C5F-9573-47A0378E22C8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dgn2200m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A13538C2-75B3-44B3-AFB1-FE8A78464341",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dgn2200m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F47DC113-247A-4EF1-BA26-0DE0F130E15D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:dgnd3700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB7B918-BE0F-4D06-8DEC-808440959DD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC17F51-BDB8-4B30-B5E9-557CBDFDE785",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr2000v2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "684E46F4-5C25-4A73-A045-461BEF5875A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr2000v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31247E55-E754-46D0-9A46-B0D319C21221",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr3300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1DD8079-4C49-4C70-84DA-F1BB77E31C00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5EFA6F2-B466-41DD-AAD6-10CE70DC6CC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wndr3400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAE2C525-B967-4266-8A04-C248075C74E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wndr3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "223685E0-7DF2-45A6-A9A7-11FA5BFEA3DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr3500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90AA886C-2ECA-43C5-93D5-C092747047E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33815C7-7CD6-4E07-9180-1EBA55F0D4B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:wnr834bv2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "444537A0-6EBE-40E4-9223-6075FDD7289B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:wnr834bv2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B83E1B8-F543-4678-8168-3D9E465BEB7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR permiten el acceso no autenticado a p\u00e1ginas cr\u00edticas .cgi y .htm por medio de una subcadena que termina con .jpg, tal y como al agregar ?x=1.jpg en una URL. Esto afecta a MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500 y WNR834Bv2."
}
],
"id": "CVE-2019-17373",
"lastModified": "2024-11-21T04:32:12.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-09T13:15:20.193",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}