### [CVE-2019-5054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5054)
![](https://img.shields.io/static/v1?label=Product&message=N300%20WNR2000v5&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen)

### Description

An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.

### POC

#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0831
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0831

#### Github
No PoCs found on GitHub currently.