CVE-2019-5054 — NULL Pointer Dereference in Netgear N300 Wnr2000v5

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

7.5HIGHNVD

EPSS

11.2%

top 6.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear N300 Wnr2000v5 Netgear Wnr2000 Firmware

Timeline

PublishedSep 11

Latest updateMay 24

Description

An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5netgear/n300_wnr2000v5Firmware Version V1.0.0.70

▶NVDnetgear/wnr2000_firmware1.0.0.70

🔴Vulnerability Details

GHSA

GHSA-3fq7-8gqg-m2m9: An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1↗2022-05-24

▶

CVEList

CVE-2019-5054: An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1↗2019-09-11

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Denial-of-service vulnerabilities in some NETGEAR routers↗2019-09-09

▶