CVE-2019-5016
moderate-risk
Published 2019-06-17
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.
Do I need to act?
~
2.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10
Critical
NETWORK
/ LOW complexity
Affected Products (4)
References (4)
Broken Link
http://www.securityfocus.com/bid/108820
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0775
Broken Link
http://www.securityfocus.com/bid/108820
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0775
47
/ 100
moderate-risk
Severity
31/34 · Critical
Exploitability
6/34 · Minimal
Exposure
10/34 · Low