CVE-2019-5054

Name of the Vulnerable Software and Affected Versions NETGEAR N300 (WNR2000v5) version V1.0.0.70

Description A denial-of-service issue exists in the session handling functionality of the NETGEAR N300 HTTP server. This occurs when an HTTP request with an empty User-Agent string is sent to a page that requires authentication, causing a null pointer dereference and resulting in the HTTP service crashing. An unauthenticated attacker can exploit this by sending a specially crafted HTTP request.

Recommendations For NETGEAR N300 (WNR2000v5) version V1.0.0.70, consider restricting access to pages that require authentication until a fix is available. As a temporary workaround, avoid using empty User-Agent strings in HTTP requests to minimize the risk of triggering this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.