Lucene search

MitreCVE-2019-17049

HistorySep 30, 2019 - 7:15 p.m.

CVE-2019-17049

2019-09-3019:15:08

CWE-89

mitre

web.nvd.nist.gov

netgear

srx5308

4.3.5-3

sql injection

exploit

cve-2019-17049

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

39.8%

JSON

NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.

Affected configurations

Nvd

Node

netgearsrx5308_firmwareMatch4.3.5-3

AND

netgearsrx5308Match-

VendorProductVersionCPE
netgearsrx5308_firmware4.3.5-3cpe:2.3:o:netgear:srx5308_firmware:4.3.5-3:*:*:*:*:*:*:*
netgearsrx5308-cpe:2.3:h:netgear:srx5308:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	srx5308_firmware	4.3.5-3	cpe:2.3:o:netgear:srx5308_firmware:4.3.5-3:::::::*
netgear	srx5308	-	cpe:2.3:h:netgear:srx5308:-:::::::*

References

community.netgear.com/t5/Hardware-VPN-Firewalls-and/Successful-hack-of-our-SRX5308/m-p/1805846

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

39.8%

JSON

Related for CVE-2019-17049