var-201906-0193
Vulnerability from variot
An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation. The NETGEARNighthawk AC3200 is a tri-band wireless router from NETGEAR. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. KCodes NetUSB is prone to an information-disclosure vulnerability. KCodes NetUSB.ko versions 1.0.2.66 and 1.0.2.69 are vulnerable; other versions may also be affected. KCodes NetUSB.ko is a Linux kernel module that provides USB services through IP provided by Taiwan KCodes Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0193",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netusb.ko",
"scope": "eq",
"trust": 1.3,
"vendor": "kcodes",
"version": "1.0.2.66"
},
{
"model": "r8000",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.4.28_10.1.54"
},
{
"model": "netusb",
"scope": null,
"trust": 0.8,
"vendor": "kcodes",
"version": null
},
{
"model": "r8000",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "netusb.ko",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "1.0.2.66"
},
{
"model": "ac3200 nighthawk",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.0.4.2810.1.54"
},
{
"model": "ac3000 nighthawk",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.0.3.810.0.37"
},
{
"model": "netusb.ko",
"scope": "eq",
"trust": 0.3,
"vendor": "kcodes",
"version": "1.0.2.69"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18873"
},
{
"db": "BID",
"id": "108827"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005655"
},
{
"db": "NVD",
"id": "CVE-2019-5017"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:kcodes:netusb",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:r8000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005655"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dave McDaniel of Cisco Talos.",
"sources": [
{
"db": "BID",
"id": "108827"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-666"
}
],
"trust": 0.9
},
"cve": "CVE-2019-5017",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-5017",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-18873",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-156452",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5017",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5017",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-5017",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5017",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5017",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-5017",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-18873",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-666",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-156452",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18873"
},
{
"db": "VULHUB",
"id": "VHN-156452"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005655"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-666"
},
{
"db": "NVD",
"id": "CVE-2019-5017"
},
{
"db": "NVD",
"id": "CVE-2019-5017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation. The NETGEARNighthawk AC3200 is a tri-band wireless router from NETGEAR. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. KCodes NetUSB is prone to an information-disclosure vulnerability. \nKCodes NetUSB.ko versions 1.0.2.66 and 1.0.2.69 are vulnerable; other versions may also be affected. KCodes NetUSB.ko is a Linux kernel module that provides USB services through IP provided by Taiwan KCodes Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5017"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005655"
},
{
"db": "CNVD",
"id": "CNVD-2019-18873"
},
{
"db": "BID",
"id": "108827"
},
{
"db": "VULHUB",
"id": "VHN-156452"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5017",
"trust": 3.4
},
{
"db": "TALOS",
"id": "TALOS-2019-0776",
"trust": 2.8
},
{
"db": "BID",
"id": "108827",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005655",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-666",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-18873",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-156452",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18873"
},
{
"db": "VULHUB",
"id": "VHN-156452"
},
{
"db": "BID",
"id": "108827"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005655"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-666"
},
{
"db": "NVD",
"id": "CVE-2019-5017"
}
]
},
"id": "VAR-201906-0193",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18873"
},
{
"db": "VULHUB",
"id": "VHN-156452"
}
],
"trust": 1.16105902
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18873"
}
]
},
"last_update_date": "2024-11-23T21:37:15.216000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NetUSB (USB over IP)",
"trust": 0.8,
"url": "https://www.kcodes.com/product/1/36"
},
{
"title": "Model: R8000",
"trust": 0.8,
"url": "https://www.netgear.com/home/products/networking/wifi-routers/R8000.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005655"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156452"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005655"
},
{
"db": "NVD",
"id": "CVE-2019-5017"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0776"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5017"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/108827"
},
{
"trust": 0.9,
"url": "http://www.netgear.com/"
},
{
"trust": 0.9,
"url": "https://www.kcodes.com/"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2019-0776"
},
{
"trust": 0.9,
"url": "https://kb.netgear.com/000061024/security-advisory-for-kcodes-netusb-unauthenticated-remote-kernel-vulnerabilities-on-r7900-and-r8000-routers-psv-2019-0029"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5017"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18873"
},
{
"db": "VULHUB",
"id": "VHN-156452"
},
{
"db": "BID",
"id": "108827"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005655"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-666"
},
{
"db": "NVD",
"id": "CVE-2019-5017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-18873"
},
{
"db": "VULHUB",
"id": "VHN-156452"
},
{
"db": "BID",
"id": "108827"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005655"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-666"
},
{
"db": "NVD",
"id": "CVE-2019-5017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18873"
},
{
"date": "2019-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-156452"
},
{
"date": "2019-06-17T00:00:00",
"db": "BID",
"id": "108827"
},
{
"date": "2019-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005655"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-666"
},
{
"date": "2019-06-17T21:15:09.877000",
"db": "NVD",
"id": "CVE-2019-5017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18873"
},
{
"date": "2019-06-21T00:00:00",
"db": "VULHUB",
"id": "VHN-156452"
},
{
"date": "2019-06-17T00:00:00",
"db": "BID",
"id": "108827"
},
{
"date": "2019-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005655"
},
{
"date": "2019-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-666"
},
{
"date": "2024-11-21T04:44:11.707000",
"db": "NVD",
"id": "CVE-2019-5017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-666"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "KCodes NetUSB.ko Kernel modules and NETGEAR Nighthawk Information disclosure vulnerability in routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005655"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-666"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.