CVE-2019-5016

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.

Published: Jun 17, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-5016
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
netgear / r8000_firmware	1.0.4.28_10.1.54	1.0.4.28_10.1.54.x
netgear / r7900_firmware	1.0.3.810.037	1.0.3.810.037.x
kcodes / netusb.ko	1.0.2.66	1.0.2.66.x
kcodes / netusb.ko	1.0.2.69	1.0.2.69.x

http://www.securityfocus.com/bid/108820
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0775

Vulnerability Database

289,782

CVE-2019-5016