Description
An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation.
References (2)
Core 2
Core References
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108827
Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0776
Scores
CVSS v3
5.3
EPSS
0.0052
EPSS Percentile
66.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
kcodes/netusb.ko
1.0.2.66
netgear/r8000_firmware
1.0.4.28_10.1.54
Published
Jun 17, 2019
Tracked Since
Feb 18, 2026