Lucene search

MitreCVE-2019-20731

HistoryApr 16, 2020 - 8:15 p.m.

CVE-2019-20731

2020-04-1620:15:13

CWE-120

mitre

web.nvd.nist.gov

netgear

buffer overflow

cve-2019-20731

nvd

security vulnerability

authenticated user

nvd

device firmware

firmware update.

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.20, R6300v2 before 1.0.4.18, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.46, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.34, R7300DST before 1.0.0.62, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WN2500RPv2 before 1.0.1.54, and WNDR3400v3 before 1.0.1.18.

Affected configurations

Nvd

Node

netgeard6220_firmwareRange<1.0.0.40

AND

netgeard6220Match-

Node

netgeard6400_firmwareRange<1.0.0.74

AND

netgeard6400Match-

Node

netgeard7000_firmwareRange<1.0.0.74

AND

netgeard7000Matchv2

Node

netgeard8500_firmwareRange<1.0.3.39

AND

netgeard8500Match-

Node

netgearex3700_firmwareRange<1.0.0.70

AND

netgearex3700Match-

Node

netgearex3800_firmwareRange<1.0.0.70

AND

netgearex3800Match-

Node

netgearex6000_firmwareRange<1.0.0.30

AND

netgearex6000Match-

Node

netgearex6100_firmwareRange<1.0.2.22

AND

netgearex6100Match-

Node

netgearex6120_firmwareRange<1.0.0.40

AND

netgearex6120Match-

Node

netgearex6130_firmwareRange<1.0.0.22

AND

netgearex6130Match-

Node

netgearex6150_firmwareRange<1.0.0.42

AND

netgearex6150Matchv1

Node

netgearex6200_firmwareRange<1.0.3.88

AND

netgearex6200Match-

Node

netgearex7000_firmwareRange<1.0.0.66

AND

netgearex7000Match-

Node

netgearr6250_firmwareRange<1.0.4.20

AND

netgearr6250Match-

Node

netgearr6300_firmwareRange<1.0.4.18

AND

netgearr6300Matchv2

Node

netgearr6400_firmwareRange<1.0.2.52

AND

netgearr6400Matchv2

Node

netgearr6700_firmwareRange<1.0.1.44

AND

netgearr6700Match-

Node

netgearr6900_firmwareRange<1.0.1.46

AND

netgearr6900Match-

Node

netgearr7000_firmwareRange<1.0.9.26

AND

netgearr7000Match-

Node

netgearr6900p_firmwareRange<1.3.0.20

AND

netgearr6900pMatch-

Node

netgearr7000p_firmwareRange<1.3.0.20

AND

netgearr7000pMatch-

Node

netgearr7100lg_firmwareRange<1.0.0.34

AND

netgearr7100lgMatch-

Node

netgearr7300dst_firmwareRange<1.0.0.62

AND

netgearr7300dstMatch-

Node

netgearr8000_firmwareRange<1.0.4.12

AND

netgearr8000Match-

Node

netgearr7900p_firmwareRange<1.3.0.10

AND

netgearr7900pMatch-

Node

netgearr8000p_firmwareRange<1.3.0.10

AND

netgearr8000pMatch-

Node

netgearr8300_firmwareRange<1.0.2.116

AND

netgearr8300Match-

Node

netgearr8500_firmwareRange<1.0.2.116

AND

netgearr8500Match-

Node

netgearwn2500rp_firmwareRange<1.0.1.54

AND

netgearwn2500rpMatchv2

Node

netgearwndr3400_firmwareRange<1.0.1.18

AND

netgearwndr3400Matchv3

VendorProductVersionCPE
netgeard6220_firmware*cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*
netgeard6220-cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*
netgeard6400_firmware*cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*
netgeard6400-cpe:2.3:h:netgear:d6400:-:*:*:*:*:*:*:*
netgeard7000_firmware*cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*
netgeard7000v2cpe:2.3:h:netgear:d7000:v2:*:*:*:*:*:*:*
netgeard8500_firmware*cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*
netgeard8500-cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*
netgearex3700_firmware*cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*
netgearex3700-cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	d6220_firmware	*	cpe:2.3:o:netgear:d6220_firmware::::::::
netgear	d6220	-	cpe:2.3:h:netgear:d6220:-:::::::*
netgear	d6400_firmware	*	cpe:2.3:o:netgear:d6400_firmware::::::::
netgear	d6400	-	cpe:2.3:h:netgear:d6400:-:::::::*
netgear	d7000_firmware	*	cpe:2.3:o:netgear:d7000_firmware::::::::
netgear	d7000	v2	cpe:2.3:h:netgear:d7000:v2:::::::*
netgear	d8500_firmware	*	cpe:2.3:o:netgear:d8500_firmware::::::::
netgear	d8500	-	cpe:2.3:h:netgear:d8500:-:::::::*
netgear	ex3700_firmware	*	cpe:2.3:o:netgear:ex3700_firmware::::::::
netgear	ex3700	-	cpe:2.3:h:netgear:ex3700:-:::::::*

Rows per page:

1-10 of 601

References

kb.netgear.com/000061196/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2254

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-20731