Vulnerability Details CVE-2019-17373
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2019-17373
-
cpe:2.3:h:netgear:dgn2200:-
-
cpe:2.3:h:netgear:dgn2200m:-
-
cpe:2.3:h:netgear:dgnd3700:-
-
cpe:2.3:h:netgear:mbr1515:-
-
cpe:2.3:h:netgear:mbr1516:-
-
cpe:2.3:h:netgear:wndr3300:-
-
cpe:2.3:h:netgear:wndr3400:-
-
cpe:2.3:h:netgear:wnr2000v2:-
-
cpe:2.3:h:netgear:wnr3500:-
-
cpe:2.3:h:netgear:wnr834bv2:-
-
cpe:2.3:o:netgear:dgn2200_firmware:-
-
cpe:2.3:o:netgear:dgn2200m_firmware:-
-
cpe:2.3:o:netgear:dgnd3700_firmware:-
-
cpe:2.3:o:netgear:mbr1515_firmware:-
-
cpe:2.3:o:netgear:mbr1516_firmware:-
-
cpe:2.3:o:netgear:wndr3300_firmware:-
-
cpe:2.3:o:netgear:wndr3400_firmware:-
-
cpe:2.3:o:netgear:wnr2000v2_firmware:-
-
cpe:2.3:o:netgear:wnr3500_firmware:-
-
cpe:2.3:o:netgear:wnr834bv2_firmware:-