CVE-2019-5017Sensitive Information Exposure in Kcodes

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.5%
top 33.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Talos KcodesKcodes Netusb.koNetgear R8000 Firmware
Timeline
PublishedJun 17
Latest updateMay 24

Description

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDkcodes/netusb.ko1.0.2.66
CVEListV5talos/kcodesNETGEAR Nighthawk AC3200 (R8000) Firmware Version V1.0.4.28_10.1.54 (11/7/18) - NetUSB.ko 1.0.2.66
NVDnetgear/r8000_firmware1.0.4.28_10.1.54

🔴Vulnerability Details

2
GHSA
GHSA-28gx-fpxq-xvf7: An exploitable information disclosure vulnerability exists in the KCodes NetUSB2022-05-24
CVEList
CVE-2019-5017: An exploitable information disclosure vulnerability exists in the KCodes NetUSB2019-06-17
CVE-2019-5017 — Sensitive Information Exposure | cvebase