CVE-2019-17373
 
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
Determinados dispositivos NETGEAR permiten el acceso no autenticado a páginas críticas .cgi y .htm por medio de una subcadena que termina con .jpg, tal y como al agregar ?x=1.jpg en una URL. Esto afecta a MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500 y WNR834Bv2.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-10-09 CVE Reserved
- 2019-10-09 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Netgear Search vendor "Netgear" | Mbr1515 Firmware Search vendor "Netgear" for product "Mbr1515 Firmware" | - | - |
Affected
| in | Netgear Search vendor "Netgear" | Mbr1515 Search vendor "Netgear" for product "Mbr1515" | - | - |
Safe
|
Netgear Search vendor "Netgear" | Mbr1516 Firmware Search vendor "Netgear" for product "Mbr1516 Firmware" | - | - |
Affected
| in | Netgear Search vendor "Netgear" | Mbr1516 Search vendor "Netgear" for product "Mbr1516" | - | - |
Safe
|
Netgear Search vendor "Netgear" | Dgn2200 Firmware Search vendor "Netgear" for product "Dgn2200 Firmware" | - | - |
Affected
| in | Netgear Search vendor "Netgear" | Dgn2200 Search vendor "Netgear" for product "Dgn2200" | - | - |
Safe
|
Netgear Search vendor "Netgear" | Dgn2200m Firmware Search vendor "Netgear" for product "Dgn2200m Firmware" | - | - |
Affected
| in | Netgear Search vendor "Netgear" | Dgn2200m Search vendor "Netgear" for product "Dgn2200m" | - | - |
Safe
|
Netgear Search vendor "Netgear" | Dgnd3700 Firmware Search vendor "Netgear" for product "Dgnd3700 Firmware" | - | - |
Affected
| in | Netgear Search vendor "Netgear" | Dgnd3700 Search vendor "Netgear" for product "Dgnd3700" | - | - |
Safe
|
Netgear Search vendor "Netgear" | Wnr2000v2 Firmware Search vendor "Netgear" for product "Wnr2000v2 Firmware" | - | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr2000v2 Search vendor "Netgear" for product "Wnr2000v2" | - | - |
Safe
|
Netgear Search vendor "Netgear" | Wndr3300 Firmware Search vendor "Netgear" for product "Wndr3300 Firmware" | - | - |
Affected
| in | Netgear Search vendor "Netgear" | Wndr3300 Search vendor "Netgear" for product "Wndr3300" | - | - |
Safe
|
Netgear Search vendor "Netgear" | Wndr3400 Firmware Search vendor "Netgear" for product "Wndr3400 Firmware" | - | - |
Affected
| in | Netgear Search vendor "Netgear" | Wndr3400 Search vendor "Netgear" for product "Wndr3400" | - | - |
Safe
|
Netgear Search vendor "Netgear" | Wnr3500 Firmware Search vendor "Netgear" for product "Wnr3500 Firmware" | - | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr3500 Search vendor "Netgear" for product "Wnr3500" | - | - |
Safe
|
Netgear Search vendor "Netgear" | Wnr834bv2 Firmware Search vendor "Netgear" for product "Wnr834bv2 Firmware" | - | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr834bv2 Search vendor "Netgear" for product "Wnr834bv2" | - | - |
Safe
|