Lucene search

MitreCVE-2019-20718

HistoryApr 16, 2020 - 7:15 p.m.

CVE-2019-20718

2020-04-1619:15:24

CWE-77

mitre

web.nvd.nist.gov

cve-2019-20718

netgear

command injection

authenticated user

security vulnerability

nvd

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D8500 before 1.0.3.43, R6250 before 1.0.4.34, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R7100LG before 1.0.0.48, R7300DST before 1.0.0.68, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.

Affected configurations

Nvd

Node

netgeard6220_firmwareMatch-

AND

netgeard6220Match-

Node

netgeard6400_firmwareMatch-

AND

netgeard6400Match-

Node

netgeard7000_firmwareMatch-

AND

netgeard7000Matchv2

Node

netgeard8500_firmwareMatch-

AND

netgeard8500Match-

Node

netgearr6250_firmwareMatch-

AND

netgearr6250Match-

Node

netgearr6400_firmwareMatch-

AND

netgearr6400Match-

Node

netgearr6400_firmwareMatch-

AND

netgearr6400Matchv2

Node

netgearr7100lg_firmwareMatch-

AND

netgearr7100lgMatch-

Node

netgearr7300dst_firmwareMatch-

AND

netgearr7300dstMatch-

Node

netgearr7900_firmwareMatch-

AND

netgearr7900Match-

Node

netgearr7900p_firmwareMatch-

AND

netgearr7900pMatch-

Node

netgearr8000_firmwareMatch-

AND

netgearr8000Match-

Node

netgearr8000p_firmwareMatch-

AND

netgearr8000pMatch-

Node

netgearr8300_firmwareMatch-

AND

netgearr8300Match-

Node

netgearr8500_firmwareMatch-

AND

netgearr8500Match-

VendorProductVersionCPE
netgeard6220_firmware-cpe:2.3:o:netgear:d6220_firmware:-:*:*:*:*:*:*:*
netgeard6220-cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*
netgeard6400_firmware-cpe:2.3:o:netgear:d6400_firmware:-:*:*:*:*:*:*:*
netgeard6400-cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*
netgeard7000_firmware-cpe:2.3:o:netgear:d7000_firmware:-:*:*:*:*:*:*:*
netgeard7000v2cpe:2.3:h:netgear:d7000:v2:*:*:*:*:*:*:*
netgeard8500_firmware-cpe:2.3:o:netgear:d8500_firmware:-:*:*:*:*:*:*:*
netgeard8500-cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*
netgearr6250_firmware-cpe:2.3:o:netgear:r6250_firmware:-:*:*:*:*:*:*:*
netgearr6250-cpe:2.3:h:netgear:r6250:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	d6220_firmware	-	cpe:2.3:o:netgear:d6220_firmware:-:::::::*
netgear	d6220	-	cpe:2.3:h:netgear:d6220:-:::::::*
netgear	d6400_firmware	-	cpe:2.3:o:netgear:d6400_firmware:-:::::::*
netgear	d6400	-	cpe:2.3:h:netgear:d6400:-:::::::*
netgear	d7000_firmware	-	cpe:2.3:o:netgear:d7000_firmware:-:::::::*
netgear	d7000	v2	cpe:2.3:h:netgear:d7000:v2:::::::*
netgear	d8500_firmware	-	cpe:2.3:o:netgear:d8500_firmware:-:::::::*
netgear	d8500	-	cpe:2.3:h:netgear:d8500:-:::::::*
netgear	r6250_firmware	-	cpe:2.3:o:netgear:r6250_firmware:-:::::::*
netgear	r6250	-	cpe:2.3:h:netgear:r6250:-:::::::*

Rows per page:

1-10 of 291

References

kb.netgear.com/000061210/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0195

CVSS2

5.2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-20718