HIGH · 8.1

CVE-2019-17372

Vulnerability Description

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L.

CVSS Score

8.1

HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector:       NETWORK
Attack Complexity:   HIGH
Privileges Required: NONE
User Interaction:    NONE
Scope:               UNCHANGED
Confidentiality:     HIGH
Integrity:           HIGH
Availability:        HIGH

Affected Products

Vendor    Product            Versions
Netgear   Ac1450 Firmware    -
Netgear   Ac1450             -
Netgear   D8500 Firmware     -
Netgear   D8500              -
Netgear   Dc112A Firmware    -
Netgear   Dc112A             -
Netgear   Jndr3000 Firmware  -
Netgear   Jndr3000           -
Netgear   Lg2200D Firmware   -
Netgear   Lg2200D            -
Netgear   R4500 Firmware     -
Netgear   R4500              -
Netgear   R6200 Firmware     -
Netgear   R6200              -
Netgear   R6200V2 Firmware   -
Netgear   R6200V2            -
Netgear   R6250 Firmware     -
Netgear   R6250              -
Netgear   R6300 Firmware     -
Netgear   R6300              -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2019-17372?

CVE-2019-17372 is a vulnerability with a CVSS score of 8.1 (HIGH). Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. See the vulnerability description above for the full list of affected models.

How severe is CVE-2019-17372?

CVE-2019-17372 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-17372?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Ac1450 Firmware, Netgear Ac1450, Netgear D8500 Firmware, Netgear D8500, Netgear Dc112A Firmware.