Lucene search

[email protected]CVE-2020-13245

HistoryMay 28, 2020 - 7:15 p.m.

CVE-2020-13245

2020-05-2819:15:10

CWE-295

[email protected]

web.nvd.nist.gov

netgear

missing ssl certificate validation

cve-2020-13245

r7000

r6120

r7800

r6220

r8000

r6350

r9000

r6400

rax120

r6400v2

rbr20

r6800

xr300

r6850

xr500

r7000p

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.9%

JSON

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.

Affected configurations

NVD

Node

netgearr6120_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearr6120Match-

Node

netgearr6220_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearr6220Match-

Node

netgearr6350_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearr6350Match-

Node

netgearr6400_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearr6400Match-

Node

netgearr6400_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearr6400Matchv2

Node

netgearr6800_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearr6800Match-

Node

netgearr6850_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearr6850Match-

Node

netgearr7000p_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearr7000pMatch-

Node

netgearr7800_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearr7800Match-

Node

netgearr8000_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearr8000Match-

Node

netgearr9000_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearr9000Match-

Node

netgearrax120_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearrax120Match-

Node

netgearrbr20_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearrbr20Match-

Node

netgearxr300_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearxr300Match-

Node

netgearxr500_firmwareRangev1.0.9.6_1.2.19–v1.0.11.100_10.2.100

AND

netgearxr500Match-

CPENameOperatorVersion
netgear:r6120_firmwarenetgear r6120 firmwarelev1.0.11.100_10.2.100

CPE	Name	Operator	Version
netgear:r6120_firmware	netgear r6120 firmware	le	v1.0.11.100_10.2.100

References

iot-lab-fh-ooe.github.io/netgear_update_vulnerability/

www.netgear.com/about/security/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.9%

JSON

Related for CVE-2020-13245

prion1 cvelist1 nvd1