ID

VAR-202003-0655


CVE

CVE-2019-20487


TITLE

NETGEAR WNR1000V4 Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-15938 // CNNVD: CNNVD-202003-026

DESCRIPTION

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account URI. A cross-site request forgery vulnerability exists in the NETGEAR WNR1000V4 device. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR WNR1000V4 is a wireless router product from NETGEAR. The vulnerability stems from the web application's insufficient verification that a request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client.

Trust: 2.16

sources: NVD: CVE-2019-20487 // JVNDB: JVNDB-2019-014725 // CNVD: CNVD-2020-15938

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-15938

AFFECTED PRODUCTS

vendor: netgear, model: wnr1000, scope: eq, version: 1.1.0.54

Trust: 1.6

vendor: netgear, model: wnr1000v4, scope: eq, version: 1.1.0.54

Trust: 1.4

vendor: netgear, model: wnr1000, scope: eq, version: 4

Trust: 0.6

sources: CNVD: CNVD-2020-15938 // JVNDB: JVNDB-2019-014725 // CNNVD: CNNVD-202003-026 // NVD: CVE-2019-20487

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20487
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014725
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-15938
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-026
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-20487
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014725
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-15938
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20487
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014725
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-15938 // JVNDB: JVNDB-2019-014725 // CNNVD: CNNVD-202003-026 // NVD: CVE-2019-20487

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2019-014725 // NVD: CVE-2019-20487

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-026

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202003-026

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014725

PATCH

title: WNR1000v4, url: https://www.netgear.com/support/product/WNR1000v4.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2019-014725

EXTERNAL IDS

db: NVD, id: CVE-2019-20487

Trust: 3.0

db: JVNDB, id: JVNDB-2019-014725

Trust: 0.8

db: CNVD, id: CNVD-2020-15938

Trust: 0.6

db: CNNVD, id: CNNVD-202003-026

Trust: 0.6

sources: CNVD: CNVD-2020-15938 // JVNDB: JVNDB-2019-014725 // CNNVD: CNNVD-202003-026 // NVD: CVE-2019-20487

REFERENCES

url:https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/the-netgear-wnr1000v4-round-2/

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-20487

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20487

Trust: 0.8

sources: CNVD: CNVD-2020-15938 // JVNDB: JVNDB-2019-014725 // CNNVD: CNNVD-202003-026 // NVD: CVE-2019-20487

SOURCES

db: CNVD, id: CNVD-2020-15938
db: JVNDB, id: JVNDB-2019-014725
db: CNNVD, id: CNNVD-202003-026
db: NVD, id: CVE-2019-20487

LAST UPDATE DATE

2024-11-23T22:29:41.659000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-15938, date: 2020-03-06T00:00:00
db: JVNDB, id: JVNDB-2019-014725, date: 2020-03-12T00:00:00
db: CNNVD, id: CNNVD-202003-026, date: 2020-03-09T00:00:00
db: NVD, id: CVE-2019-20487, date: 2024-11-21T04:38:35.853

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-15938, date: 2020-03-06T00:00:00
db: JVNDB, id: JVNDB-2019-014725, date: 2020-03-12T00:00:00
db: CNNVD, id: CNNVD-202003-026, date: 2020-03-02T00:00:00
db: NVD, id: CVE-2019-20487, date: 2020-03-02T16:15:12.097