Details of VAR-202004-0452

ID

VAR-202004-0452

CVE

CVE-2020-11788

TITLE

plural NETGEAR Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-004534

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6200, etc. are all products of NETGEAR. NETGEAR D6200 is a wireless modem. NETGEAR JR6150 is a wireless router. NETGEAR PR2000 is a wireless router. There are security holes in many NETGEAR products

Trust: 2.16

sources: NVD: CVE-2020-11788 // JVNDB: JVNDB-2020-004534 // CNVD: CNVD-2020-26953

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-26953

AFFECTED PRODUCTS

vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.34	Trust: 1.6
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.68	Trust: 1.6
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.18	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.28	Trust: 1.6
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.46	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.80	Trust: 1.6
vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.64	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.36	Trust: 1.6
vendor:	netgear	model:	r6230	scope:	lt	version:	1.1.0.80	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.36	Trust: 1.0
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.18	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.36	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	eq	version:	1.1.00.34	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.1.68	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.18	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.28	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.18	Trust: 0.8
vendor:	netgear	model:	r6120	scope:	eq	version:	1.0.0.46	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.80	Trust: 0.8
vendor:	netgear	model:	r6230	scope:	eq	version:	1.1.0.80	Trust: 0.8
vendor:	netgear	model:	r6260	scope:	eq	version:	1.1.0.64	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.2.0.36	Trust: 0.8
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.1.18	Trust: 0.6

sources: CNVD: CNVD-2020-26953 // JVNDB: JVNDB-2020-004534 // NVD: CVE-2020-11788

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11788
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2020-11788
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-004534
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-26953
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1159
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-11788
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-004534
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-26953
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-11788
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-11788
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-004534
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-26953 // JVNDB: JVNDB-2020-004534 // CNNVD: CNNVD-202004-1159 // NVD: CVE-2020-11788 // NVD: CVE-2020-11788

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-287	Trust: 0.8

sources: JVNDB: JVNDB-2020-004534 // NVD: CVE-2020-11788

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1159

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1159

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004534

PATCH

title:	Security Advisory for Authentication Bypass on Some Gateways and Routers, PSV-2018-0570	url:	https://kb.netgear.com/000061742/Security-Advisory-for-Authentication-Bypass-on-Some-Gateways-and-Routers-PSV-2018-0570	Trust: 0.8
title:	Patch for Multiple NETGEAR product authorization issue vulnerabilities (CNVD-2020-26953)	url:	https://www.cnvd.org.cn/patchInfo/show/216407	Trust: 0.6
title:	Multiple NETGEAR Product Authorization Issue Vulnerability Fixing Measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116860	Trust: 0.6

sources: CNVD: CNVD-2020-26953 // JVNDB: JVNDB-2020-004534 // CNNVD: CNNVD-202004-1159

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11788	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-004534	Trust: 0.8
db:	CNVD	id:	CNVD-2020-26953	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1159	Trust: 0.6

sources: CNVD: CNVD-2020-26953 // JVNDB: JVNDB-2020-004534 // CNNVD: CNNVD-202004-1159 // NVD: CVE-2020-11788

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-11788	Trust: 2.0
url:	https://kb.netgear.com/000061742/security-advisory-for-authentication-bypass-on-some-gateways-and-routers-psv-2018-0570	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11788	Trust: 0.8

sources: CNVD: CNVD-2020-26953 // JVNDB: JVNDB-2020-004534 // CNNVD: CNNVD-202004-1159 // NVD: CVE-2020-11788

SOURCES

db:	CNVD	id:	CNVD-2020-26953
db:	JVNDB	id:	JVNDB-2020-004534
db:	CNNVD	id:	CNNVD-202004-1159
db:	NVD	id:	CVE-2020-11788

LAST UPDATE DATE

2024-11-23T22:11:34.888000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-26953	date:	2020-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-004534	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1159	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2020-11788	date:	2024-11-21T04:58:37.543

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-26953	date:	2020-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-004534	date:	2020-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202004-1159	date:	2020-04-15T00:00:00
db:	NVD	id:	CVE-2020-11788	date:	2020-04-15T18:15:14.957