Sign-up

ID

VAR-201908-0479


CVE

CVE-2019-14527


TITLE

NETGEAR Nighthawk M1 operating system command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-23151 // CNNVD: CNNVD-201908-1084

DESCRIPTION

An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication. NETGEAR Nighthawk M1 (MR1100) The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 2.16

sources: NVD: CVE-2019-14527 // JVNDB: JVNDB-2019-008365 // CNVD: CNVD-2020-23151

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-23151

AFFECTED PRODUCTS

vendor:netgearmodel:mr1100scope:ltversion:12.06.03

Trust: 1.0

vendor:net gearmodel:mr 1100scope:ltversion:12.06.03

Trust: 0.8

vendor:netgearmodel:nighthawk m1scope:ltversion:12.06.03

Trust: 0.6

sources: CNVD: CNVD-2020-23151 // JVNDB: JVNDB-2019-008365 // NVD: CVE-2019-14527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14527
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-14527
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-23151
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-1084
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-14527
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-23151
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-14527
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2020-23151 // JVNDB: JVNDB-2019-008365 // CNNVD: CNNVD-201908-1084 // NVD: CVE-2019-14527

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-008365 // NVD: CVE-2019-14527

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1084

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201908-1084

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008365

PATCH
title:Nighthawk M1 Mobile Routerurl:https://www.netgear.com/business/products/mobile-broadband/mobilerouters/M1.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-008365

EXTERNAL IDS
db:NVDid:CVE-2019-14527
Trust: 3.0
db:JVNDBid:JVNDB-2019-008365
Trust: 0.8
db:CNVDid:CNVD-2020-23151
Trust: 0.6
db:CNNVDid:CNNVD-201908-1084
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-23151 // 
            
            
            
            JVNDB: JVNDB-2019-008365 // 
            
            
            
            CNNVD: CNNVD-201908-1084 // 
            
            
            
            NVD: CVE-2019-14527

REFERENCES
url:https://www.pentestpartners.com/security-blog/how-not-to-do-cross-site-request-forgery-protection-the-netgear-nighthawk-m1/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-14527
Trust: 2.0
url:https://www.bleepingcomputer.com/news/security/4g-router-vulnerabilities-let-attackers-take-full-control/
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14527
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-23151 // 
            
            
            
            JVNDB: JVNDB-2019-008365 // 
            
            
            
            CNNVD: CNNVD-201908-1084 // 
            
            
            
            NVD: CVE-2019-14527

SOURCES
db:CNVDid:CNVD-2020-23151
db:JVNDBid:JVNDB-2019-008365
db:CNNVDid:CNNVD-201908-1084
db:NVDid:CVE-2019-14527

LAST UPDATE DATE
2024-11-23T22:21:33.373000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-23151date:2020-04-16T00:00:00
db:JVNDBid:JVNDB-2019-008365date:2019-08-29T00:00:00
db:CNNVDid:CNNVD-201908-1084date:2019-08-30T00:00:00
db:NVDid:CVE-2019-14527date:2024-11-21T04:26:54.293

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-23151date:2020-04-16T00:00:00
db:JVNDBid:JVNDB-2019-008365date:2019-08-29T00:00:00
db:CNNVDid:CNNVD-201908-1084date:2019-08-14T00:00:00
db:NVDid:CVE-2019-14527date:2019-08-14T21:15:13.627