ID CVE-2019-17373
Summary Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
References
Vulnerable Configurations
  • cpe:2.3:o:netgear:mbr1515_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netgear:mbr1515:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netgear:mbr1516_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netgear:mbr1516:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netgear:dgn2200_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netgear:dgn2200m_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netgear:dgn2200m:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netgear:dgnd3700_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netgear:dgnd3700:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netgear:wnr2000v2_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netgear:wnr2000v2:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netgear:wndr3300_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netgear:wndr3300:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netgear:wndr3400_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netgear:wndr3400:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netgear:wnr3500_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netgear:wnr3500:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netgear:wnr834bv2_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netgear:wnr834bv2:-:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
misc https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md
Last major update 24-08-2020 - 17:37
Published 09-10-2019 - 13:15
Last modified 24-08-2020 - 17:37