Sign-up

ID

VAR-201909-0219


CVE

CVE-2019-17049


TITLE

NETGEAR SRX5308 In the device SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010127

DESCRIPTION

NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. NETGEAR SRX5308 The device includes SQL An injection vulnerability exists.Information may be tampered with. NETGEAR SRX5308 is a VPN firewall device of NETGEAR. The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands

Trust: 1.71

sources: NVD: CVE-2019-17049 // JVNDB: JVNDB-2019-010127 // VULHUB: VHN-149256

AFFECTED PRODUCTS

vendor:netgearmodel:srx5308scope:eqversion:4.3.5-3

Trust: 1.6

vendor:net gearmodel:srx5308scope:eqversion:4.3.5-3

Trust: 0.8

vendor:netgearmodel:srx5308scope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-010127 // CNNVD: CNNVD-201909-1364 // NVD: CVE-2019-17049

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-17049
value: HIGH

Trust: 1.0

NVD: CVE-2019-17049
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1364
value: HIGH

Trust: 0.6

VULHUB: VHN-149256
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-17049
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149256
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-17049
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-17049
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149256 // JVNDB: JVNDB-2019-010127 // CNNVD: CNNVD-201909-1364 // NVD: CVE-2019-17049

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-149256 // JVNDB: JVNDB-2019-010127 // NVD: CVE-2019-17049

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201909-1364

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010127

PATCH
title:Successful hack of our SRX5308url:https://community.netgear.com/t5/Hardware-VPN-Firewalls-and/Successful-hack-of-our-SRX5308/m-p/1805846
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-010127

EXTERNAL IDS
db:NVDid:CVE-2019-17049
Trust: 2.5
db:JVNDBid:JVNDB-2019-010127
Trust: 0.8
db:CNNVDid:CNNVD-201909-1364
Trust: 0.7
db:CNVDid:CNVD-2020-23148
Trust: 0.1
db:VULHUBid:VHN-149256
Trust: 0.1
sources:
            
            
            VULHUB: VHN-149256 // 
            
            
            
            JVNDB: JVNDB-2019-010127 // 
            
            
            
            CNNVD: CNNVD-201909-1364 // 
            
            
            
            NVD: CVE-2019-17049

REFERENCES
url:https://community.netgear.com/t5/hardware-vpn-firewalls-and/successful-hack-of-our-srx5308/m-p/1805846
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-17049
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17049
Trust: 0.8
sources:
            
            
            VULHUB: VHN-149256 // 
            
            
            
            JVNDB: JVNDB-2019-010127 // 
            
            
            
            CNNVD: CNNVD-201909-1364 // 
            
            
            
            NVD: CVE-2019-17049

SOURCES
db:VULHUBid:VHN-149256
db:JVNDBid:JVNDB-2019-010127
db:CNNVDid:CNNVD-201909-1364
db:NVDid:CVE-2019-17049

LAST UPDATE DATE
2024-11-23T22:16:50.878000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-149256date:2019-10-04T00:00:00
db:JVNDBid:JVNDB-2019-010127date:2019-10-07T00:00:00
db:CNNVDid:CNNVD-201909-1364date:2019-10-21T00:00:00
db:NVDid:CVE-2019-17049date:2024-11-21T04:31:35.813

SOURCES RELEASE DATE
db:VULHUBid:VHN-149256date:2019-09-30T00:00:00
db:JVNDBid:JVNDB-2019-010127date:2019-10-07T00:00:00
db:CNNVDid:CNNVD-201909-1364date:2019-09-30T00:00:00
db:NVDid:CVE-2019-17049date:2019-09-30T19:15:08.837