Lucene search

[email protected]CVE-2019-20676

HistoryApr 15, 2020 - 8:15 p.m.

CVE-2019-20676

2020-04-1520:15:14

CWE-862

[email protected]

web.nvd.nist.gov

cve-2019-20676

netgear

access control

security vulnerability

nvd

fs728tlp

gs105ev2

gs105pe

gs108ev3

gs108pev3

gs110emx

gs116ev2

gs408epp

gs724tpv2

gs808e

gs810emx

gs908e

gss108e

gss108epp

gss116e

jgs516pe

jgs524ev2

jgs524pe

xs512em

xs708ev2

xs716e

xs724em

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.

Affected configurations

NVD

Node

netgearfs728tlp_firmwareRange<1.0.1.26

AND

netgearfs728tlpMatch-

Node

netgeargs105e_firmwareRange<1.6.0.4

AND

netgeargs105eMatchv2

Node

netgeargs105pe_firmwareRange<1.6.0.4

AND

netgeargs105peMatch-

Node

netgeargs108e_firmwareRange<2.06.08

AND

netgeargs108eMatchv3

Node

netgeargs108pe_firmwareRange<2.06.08

AND

netgeargs108peMatchv3

Node

netgeargs110emx_firmwareRange<1.0.1.4

AND

netgeargs110emxMatch-

Node

netgeargs116e_firmwareRange<2.6.0.35

AND

netgeargs116eMatchv2

Node

netgeargs408epp_firmwareRange<1.0.0.15

AND

netgeargs408eppMatch-

Node

netgeargs724tp_firmwareRange<1.1.1.29

AND

netgeargs724tpMatchv2

Node

netgeargs808e_firmwareRange<1.7.0.7

AND

netgeargs808eMatch-

Node

netgeargs810emx_firmwareRange<1.7.1.1

AND

netgeargs810emxMatch-

Node

netgeargs908e_firmwareRange<1.7.0.3

AND

netgeargs908eMatch-

Node

netgeargss108e_firmwareRange<1.6.0.4

AND

netgeargss108eMatch-

Node

netgeargss108epp_firmwareRange<1.0.0.15

AND

netgeargss108eppMatch-

Node

netgeargss116e_firmwareRange<1.6.0.9

AND

netgeargss116eMatch-

Node

netgearjgs516pe_firmwareRange<2.6.0.35

AND

netgearjgs516peMatch-

Node

netgearjgs524e_firmwareRange<2.6.0.35

AND

netgearjgs524eMatchv2

Node

netgearjgs524pe_firmwareRange<2.6.0.35

AND

netgearjgs524peMatch-

Node

netgearxs512em_firmwareRange<1.0.1.1

AND

netgearxs512emMatch-

Node

netgearxs708e_firmwareRange<1.6.0.23

AND

netgearxs708eMatchv2

Node

netgearxs716e_firmwareRange<1.6.0.23

AND

netgearxs716eMatch-

Node

netgearxs724em_firmwareRange<1.0.1.1

AND

netgearxs724emMatch-

CPENameOperatorVersion
netgear:fs728tlp_firmwarenetgear fs728tlp firmwarelt1.0.1.26

CPE	Name	Operator	Version
netgear:fs728tlp_firmware	netgear fs728tlp firmware	lt	1.0.1.26

References

kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2019-20676

prion1 cvelist1 nvd1