CVE-2019-5016

CRITICAL

NETGEAR R8000 and R7900 Firmware - Unauthenticated Arbitrary Memory Read via ReadySHARE Printer NetUSB Module

Title source: llm

Description

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.

References (2)

Core 2

Core References

Broken Link vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/108820

Third Party Advisory x_refsource_misc

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0775

Scores

CVSS v3 9.1

EPSS 0.0242

EPSS Percentile 85.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-200

Status published

Products (4)

kcodes/netusb.ko 1.0.2.66

kcodes/netusb.ko 1.0.2.69

netgear/r7900_firmware 1.0.3.810.037

netgear/r8000_firmware 1.0.4.28_10.1.54

Published Jun 17, 2019

Tracked Since Feb 18, 2026