āš  Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2019-17049

CWE-89 ā€” SQL Injection4 documents4 sources
Severity
7.5HIGH
EPSS
0.2%
top 55.46%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Netgear Srx5308 Firmware
Timeline
PublishedSep 30
Latest updateMay 24

Description

NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

ā–¶NVDnetgear/srx5308_firmware4.3.5-3

šŸ”“Vulnerability Details

3
GHSA
GHSA-mpm3-3v44-vmmw: NETGEAR SRX5308 4ā†—2022-05-24
ā–¶
CVEList
CVE-2019-17049: NETGEAR SRX5308 4ā†—2019-09-30
ā–¶
VulnCheck
NETGEAR srx5308_firmware Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')ā†—2019
ā–¶
CVE-2019-17049 (HIGH CVSS 7.5) | NETGEAR SRX5308 4.3.5-3 devices all | cvebase.io