ID CVE-2019-20691Type cveReporter cve@mitre.orgModified 2020-04-21T14:52:00
Description
Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54.
{"id": "CVE-2019-20691", "bulletinFamily": "NVD", "title": "CVE-2019-20691", "description": "Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54.", "published": "2020-04-16T19:15:00", "modified": "2020-04-21T14:52:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20691", "reporter": "cve@mitre.org", "references": ["https://kb.netgear.com/000061448/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Gateways-and-Extenders-PSV-2017-2747"], "cvelist": ["CVE-2019-20691"], "type": "cve", "lastseen": "2020-12-09T21:41:50", "edition": 10, "viewCount": 4, "enchantments": {"dependencies": {"references": [], "modified": "2020-12-09T21:41:50", "rev": 2}, "score": {"value": 3.7, "vector": "NONE", "modified": "2020-12-09T21:41:50", "rev": 2}, "vulnersScore": 3.7}, "cpe": [], "affectedSoftware": [{"cpeName": "netgear:d3600_firmware", "name": "netgear d3600 firmware", "operator": "lt", "version": "1.0.0.72"}, {"cpeName": "netgear:ex6200_firmware", "name": "netgear ex6200 firmware", "operator": "lt", "version": "1.0.3.88"}, {"cpeName": "netgear:ex6130_firmware", "name": "netgear ex6130 firmware", "operator": "lt", "version": "1.0.0.22"}, {"cpeName": "netgear:ex6150_firmware", "name": "netgear ex6150 firmware", "operator": "lt", "version": "1.0.0.42"}, {"cpeName": "netgear:ex6000_firmware", "name": "netgear ex6000 firmware", "operator": "lt", "version": "1.0.0.30"}, {"cpeName": "netgear:ex6120_firmware", "name": "netgear ex6120 firmware", "operator": "lt", "version": "1.0.0.40"}, {"cpeName": "netgear:d6000_firmware", "name": "netgear d6000 firmware", "operator": "lt", "version": "1.0.0.72"}, {"cpeName": "netgear:ex7000_firmware", "name": "netgear ex7000 firmware", "operator": "lt", "version": "1.0.0.66"}, {"cpeName": "netgear:ex3800_firmware", "name": "netgear ex3800 firmware", "operator": "lt", "version": "1.0.0.70"}, {"cpeName": "netgear:ex6100_firmware", "name": "netgear ex6100 firmware", "operator": "lt", "version": "1.0.2.24"}, {"cpeName": "netgear:wn2500rp_firmware", "name": "netgear wn2500rp firmware", "operator": "lt", "version": "1.0.1.54"}, {"cpeName": "netgear:ex3700_firmware", "name": "netgear ex3700 firmware", "operator": "lt", "version": "1.0.0.70"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-352"], "scheme": null, "affectedConfiguration": [{"cpeName": "netgear:ex3700", "name": "netgear ex3700", "operator": "eq", "version": "-"}, {"cpeName": "netgear:ex6150", "name": "netgear ex6150", "operator": "eq", "version": "v1"}, {"cpeName": "netgear:ex6100", "name": "netgear ex6100", "operator": "eq", "version": "-"}, {"cpeName": "netgear:wn2500rp", "name": "netgear wn2500rp", "operator": "eq", "version": "v2"}, {"cpeName": "netgear:d6000", "name": "netgear d6000", "operator": "eq", "version": "-"}, {"cpeName": "netgear:ex7000", "name": "netgear ex7000", "operator": "eq", "version": "-"}, {"cpeName": "netgear:ex3800", "name": "netgear ex3800", "operator": "eq", "version": "-"}, {"cpeName": "netgear:ex6200", "name": "netgear ex6200", "operator": "eq", "version": "-"}, {"cpeName": "netgear:ex6000", "name": "netgear ex6000", "operator": "eq", "version": "-"}, {"cpeName": "netgear:ex6120", "name": "netgear ex6120", "operator": "eq", "version": "-"}, {"cpeName": "netgear:ex6130", "name": "netgear ex6130", "operator": "eq", "version": "-"}, {"cpeName": "netgear:d3600", "name": "netgear d3600", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:d6000_firmware:1.0.0.72:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.72", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:ex6150:v1:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:ex6150_firmware:1.0.0.42:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.42", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:ex6120_firmware:1.0.0.40:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.40", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:wn2500rp_firmware:1.0.1.54:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.1.54", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:wn2500rp:v2:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:ex7000_firmware:1.0.0.66:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.66", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:ex6100:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:ex6100_firmware:1.0.2.24:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.2.24", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:ex6000:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:ex6000_firmware:1.0.0.30:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.30", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:ex3800_firmware:1.0.0.70:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.70", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:ex3700_firmware:1.0.0.70:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.70", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:d3600_firmware:1.0.0.72:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.72", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:ex6200_firmware:1.0.3.88:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.3.88", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:netgear:ex6130_firmware:1.0.0.22:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.22", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}}
{}
