Sign-up

ID

VAR-202004-0742


CVE

CVE-2019-20762


TITLE

plural NETGEAR Classic buffer overflow vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2019-015437

DESCRIPTION

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D8500 before 1.0.3.43, R8500 before 1.0.2.128, R8300 before 1.0.2.128, R8000 before 1.0.4.28, R7300DST before 1.0.0.68, R7100LG before 1.0.0.48, R6900P before 1.3.1.44, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R7000P before 1.3.1.44, R7000 before 1.0.9.34, R6900 before 1.0.2.4, R6700 before 1.0.2.6, and R6400 before 1.0.1.44. plural NETGEAR A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D8500, etc. are all wireless routers from NETGEAR. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow

Trust: 2.16

sources: NVD: CVE-2019-20762 // JVNDB: JVNDB-2019-015437 // CNVD: CNVD-2021-61062

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-61062

AFFECTED PRODUCTS

vendor:netgearmodel:r6700scope:ltversion:1.0.2.6

Trust: 1.6

vendor:netgearmodel:r6900scope:ltversion:1.0.2.4

Trust: 1.6

vendor:netgearmodel:r7900pscope:ltversion:1.4.1.30

Trust: 1.6

vendor:netgearmodel:r8000pscope:ltversion:1.4.1.30

Trust: 1.6

vendor:netgearmodel:r8300scope:ltversion:1.0.2.128

Trust: 1.6

vendor:netgearmodel:r8500scope:ltversion:1.0.2.128

Trust: 1.6

vendor:netgearmodel:r7000pscope:ltversion:1.3.1.44

Trust: 1.6

vendor:netgearmodel:r6900pscope:ltversion:1.3.1.44

Trust: 1.6

vendor:netgearmodel:d8500scope:ltversion:1.0.3.43

Trust: 1.6

vendor:netgearmodel:r6400scope:ltversion:1.0.1.44

Trust: 1.6

vendor:netgearmodel:r7100lgscope:ltversion:1.0.0.48

Trust: 1.6

vendor:netgearmodel:r7300dstscope:ltversion:1.0.0.68

Trust: 1.6

vendor:netgearmodel:r8000scope:ltversion:1.0.4.28

Trust: 1.6

vendor:netgearmodel:r7000scope:ltversion:1.0.9.34

Trust: 1.6

vendor:netgearmodel:d8500scope:eqversion:1.0.3.43

Trust: 0.8

vendor:netgearmodel:r6900pscope:eqversion:1.3.1.44

Trust: 0.8

vendor:netgearmodel:r7000pscope:eqversion:1.3.1.44

Trust: 0.8

vendor:netgearmodel:r7100lgscope:eqversion:1.0.0.48

Trust: 0.8

vendor:netgearmodel:r7300dstscope:eqversion:1.0.0.68

Trust: 0.8

vendor:netgearmodel:r7900pscope:eqversion:1.4.1.30

Trust: 0.8

vendor:netgearmodel:r8000scope:eqversion:1.0.4.28

Trust: 0.8

vendor:netgearmodel:r8000pscope:eqversion:1.4.1.30

Trust: 0.8

vendor:netgearmodel:r8300scope:eqversion:1.0.2.128

Trust: 0.8

vendor:netgearmodel:r8500scope:eqversion:1.0.2.128

Trust: 0.8

sources: CNVD: CNVD-2021-61062 // JVNDB: JVNDB-2019-015437 // NVD: CVE-2019-20762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20762
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2019-20762
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015437
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-61062
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1373
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-20762
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015437
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-61062
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20762
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20762
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015437
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-61062 // JVNDB: JVNDB-2019-015437 // CNNVD: CNNVD-202004-1373 // NVD: CVE-2019-20762 // NVD: CVE-2019-20762

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-015437 // NVD: CVE-2019-20762

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1373

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1373

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015437

PATCH
title:Security Advisory for Post-Authentication Buffer Overflow on Some Routers, Modem Routers, and Gateways, PSV-2018-0197url:https://kb.netgear.com/000060637/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Modem-Routers-and-Gateways-PSV-2018-0197
Trust: 0.8
title:Patch for Buffer overflow vulnerabilities in multiple NETGEAR products (CNVD-2021-61062)url:https://www.cnvd.org.cn/patchInfo/show/285346
Trust: 0.6
title:Multiple NETGEAR Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115182
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61062 // 
            
            
            
            JVNDB: JVNDB-2019-015437 // 
            
            
            
            CNNVD: CNNVD-202004-1373

EXTERNAL IDS
db:NVDid:CVE-2019-20762
Trust: 3.0
db:JVNDBid:JVNDB-2019-015437
Trust: 0.8
db:CNVDid:CNVD-2021-61062
Trust: 0.6
db:CNNVDid:CNNVD-202004-1373
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-61062 // 
            
            
            
            JVNDB: JVNDB-2019-015437 // 
            
            
            
            CNNVD: CNNVD-202004-1373 // 
            
            
            
            NVD: CVE-2019-20762

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-20762
Trust: 2.0
url:https://kb.netgear.com/000060637/security-advisory-for-post-authentication-buffer-overflow-on-some-routers-modem-routers-and-gateways-psv-2018-0197
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20762
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-61062 // 
            
            
            
            JVNDB: JVNDB-2019-015437 // 
            
            
            
            CNNVD: CNNVD-202004-1373 // 
            
            
            
            NVD: CVE-2019-20762

SOURCES
db:CNVDid:CNVD-2021-61062
db:JVNDBid:JVNDB-2019-015437
db:CNNVDid:CNNVD-202004-1373
db:NVDid:CVE-2019-20762

LAST UPDATE DATE
2024-11-23T22:58:19.218000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-61062date:2021-08-11T00:00:00
db:JVNDBid:JVNDB-2019-015437date:2020-05-19T00:00:00
db:CNNVDid:CNNVD-202004-1373date:2020-04-26T00:00:00
db:NVDid:CVE-2019-20762date:2024-11-21T04:39:17.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-61062date:2021-08-11T00:00:00
db:JVNDBid:JVNDB-2019-015437date:2020-05-19T00:00:00
db:CNNVDid:CNNVD-202004-1373date:2020-04-16T00:00:00
db:NVDid:CVE-2019-20762date:2020-04-16T22:15:13.400