Sign-up

ID

VAR-202004-0740


CVE

CVE-2019-20760


TITLE

NETGEAR R9000 Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015326

DESCRIPTION

NETGEAR R9000 devices before 1.0.4.26 are affected by authentication bypass. NETGEAR R9000 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R9000 is a wireless router of NETGEAR

Trust: 2.16

sources: NVD: CVE-2019-20760 // JVNDB: JVNDB-2019-015326 // CNVD: CNVD-2020-27306

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27306

AFFECTED PRODUCTS

vendor:netgearmodel:r9000scope:ltversion:1.0.4.26

Trust: 1.6

vendor:netgearmodel:r9000scope:eqversion:1.0.4.26

Trust: 0.8

sources: CNVD: CNVD-2020-27306 // JVNDB: JVNDB-2019-015326 // NVD: CVE-2019-20760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20760
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-20760
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015326
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27306
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1371
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-20760
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015326
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27306
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20760
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20760
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 5.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015326
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27306 // JVNDB: JVNDB-2019-015326 // CNNVD: CNNVD-202004-1371 // NVD: CVE-2019-20760 // NVD: CVE-2019-20760

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2019-015326 // NVD: CVE-2019-20760

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1371

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1371

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015326

PATCH
title:Security Advisory for Authentication Bypass on R9000, PSV-2018-0615url:https://kb.netgear.com/000060639/Security-Advisory-for-Authentication-Bypass-on-R9000-PSV-2018-0615
Trust: 0.8
title:Patch for NETGEAR R9000 authorization issue vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/216953
Trust: 0.6
title:NETGEAR R9000 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116599
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-27306 // 
            
            
            
            JVNDB: JVNDB-2019-015326 // 
            
            
            
            CNNVD: CNNVD-202004-1371

EXTERNAL IDS
db:NVDid:CVE-2019-20760
Trust: 3.0
db:JVNDBid:JVNDB-2019-015326
Trust: 0.8
db:CNVDid:CNVD-2020-27306
Trust: 0.6
db:CNNVDid:CNNVD-202004-1371
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-27306 // 
            
            
            
            JVNDB: JVNDB-2019-015326 // 
            
            
            
            CNNVD: CNNVD-202004-1371 // 
            
            
            
            NVD: CVE-2019-20760

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-20760
Trust: 2.0
url:https://kb.netgear.com/000060639/security-advisory-for-authentication-bypass-on-r9000-psv-2018-0615
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20760
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-27306 // 
            
            
            
            JVNDB: JVNDB-2019-015326 // 
            
            
            
            CNNVD: CNNVD-202004-1371 // 
            
            
            
            NVD: CVE-2019-20760

SOURCES
db:CNVDid:CNVD-2020-27306
db:JVNDBid:JVNDB-2019-015326
db:CNNVDid:CNNVD-202004-1371
db:NVDid:CVE-2019-20760

LAST UPDATE DATE
2024-11-23T22:44:36.893000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-27306date:2020-05-09T00:00:00
db:JVNDBid:JVNDB-2019-015326date:2020-05-12T00:00:00
db:CNNVDid:CNNVD-202004-1371date:2020-08-25T00:00:00
db:NVDid:CVE-2019-20760date:2024-11-21T04:39:17.633

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-27306date:2020-05-09T00:00:00
db:JVNDBid:JVNDB-2019-015326date:2020-05-12T00:00:00
db:CNNVDid:CNNVD-202004-1371date:2020-04-16T00:00:00
db:NVDid:CVE-2019-20760date:2020-04-16T22:15:13.243