Sign-up

ID

VAR-202003-0656


CVE

CVE-2019-20488


TITLE

NETGEAR WNR1000V4 Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-014726

DESCRIPTION

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter. NETGEAR WNR1000V4 A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WNR1000V4 is a G54 / N150 wireless router

Trust: 2.16

sources: NVD: CVE-2019-20488 // JVNDB: JVNDB-2019-014726 // CNVD: CNVD-2020-15506

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-15506

AFFECTED PRODUCTS

vendor:netgearmodel:wnr1000v4scope:eqversion:1.1.0.54

Trust: 1.4

vendor:netgearmodel:wnr1000scope:eqversion:1.1.0.54

Trust: 1.0

sources: CNVD: CNVD-2020-15506 // JVNDB: JVNDB-2019-014726 // NVD: CVE-2019-20488

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20488
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-014726
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-15506
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-020
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-20488
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014726
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-15506
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20488
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014726
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-15506 // JVNDB: JVNDB-2019-014726 // CNNVD: CNNVD-202003-020 // NVD: CVE-2019-20488

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2019-014726 // NVD: CVE-2019-20488

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-020

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-020

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014726

PATCH
title:WNR1000v4url:https://www.netgear.com/support/product/WNR1000v4.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-014726

EXTERNAL IDS
db:NVDid:CVE-2019-20488
Trust: 3.0
db:JVNDBid:JVNDB-2019-014726
Trust: 0.8
db:CNVDid:CNVD-2020-15506
Trust: 0.6
db:CNNVDid:CNNVD-202003-020
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-15506 // 
            
            
            
            JVNDB: JVNDB-2019-014726 // 
            
            
            
            CNNVD: CNNVD-202003-020 // 
            
            
            
            NVD: CVE-2019-20488

REFERENCES
url:https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/the-netgear-wnr1000v4-round-2/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-20488
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20488
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-20489
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-15506 // 
            
            
            
            JVNDB: JVNDB-2019-014726 // 
            
            
            
            CNNVD: CNNVD-202003-020 // 
            
            
            
            NVD: CVE-2019-20488

SOURCES
db:CNVDid:CNVD-2020-15506
db:JVNDBid:JVNDB-2019-014726
db:CNNVDid:CNNVD-202003-020
db:NVDid:CVE-2019-20488

LAST UPDATE DATE
2024-11-23T22:55:16.416000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-15506date:2020-03-05T00:00:00
db:JVNDBid:JVNDB-2019-014726date:2020-03-12T00:00:00
db:CNNVDid:CNNVD-202003-020date:2020-08-25T00:00:00
db:NVDid:CVE-2019-20488date:2024-11-21T04:38:35.990

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-15506date:2020-03-05T00:00:00
db:JVNDBid:JVNDB-2019-014726date:2020-03-12T00:00:00
db:CNNVDid:CNNVD-202003-020date:2020-03-02T00:00:00
db:NVDid:CVE-2019-20488date:2020-03-02T16:15:12.160