ID

VAR-202004-0758


CVE

CVE-2019-20738


TITLE

Cross-site scripting vulnerabilities in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015455

DESCRIPTION

Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 before 1.2.0.14, R6900v2 before 1.2.0.14, R7500v2 before 1.0.3.26, R7800 before 1.0.2.46, R9000 before 1.0.4.2, WN3000RPv2 before 1.0.0.52, WN3000RPv3 before 1.0.2.78, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.50, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.50, and WNR2050 before 1.1.0.50. NOTE: this may be a result of an incomplete fix for CVE-2017-18866. Multiple NETGEAR devices contain a cross-site scripting vulnerability. This vulnerability is caused by an incomplete fix for CVE-2017-18866. Information may be obtained and tampered with.

Trust: 1.62

sources: NVD: CVE-2019-20738 // JVNDB: JVNDB-2019-015455

AFFECTED PRODUCTS

vendor: netgear, model: wnr2020, scope: lt, version: 1.1.0.50

Trust: 1.0

vendor: netgear, model: wndr4300, scope: lt, version: 1.0.2.104

Trust: 1.0

vendor: netgear, model: r6100, scope: lt, version: 1.0.1.16

Trust: 1.0

vendor: netgear, model: r6120, scope: lt, version: 1.0.0.40

Trust: 1.0

vendor: netgear, model: wndr3700, scope: lt, version: 1.1.0.54

Trust: 1.0

vendor: netgear, model: rbs50, scope: lt, version: 2.3.5.30

Trust: 1.0

vendor: netgear, model: wndr4300, scope: lt, version: 1.0.0.48

Trust: 1.0

vendor: netgear, model: rbr50, scope: lt, version: 2.3.5.30

Trust: 1.0

vendor: netgear, model: d7800, scope: lt, version: 1.0.1.34

Trust: 1.0

vendor: netgear, model: d6100, scope: lt, version: 1.0.0.58

Trust: 1.0

vendor: netgear, model: wnr1000, scope: lt, version: 1.1.0.50

Trust: 1.0

vendor: netgear, model: r6080, scope: lt, version: 1.0.0.30

Trust: 1.0

vendor: netgear, model: wn3000rp, scope: lt, version: 1.0.2.78

Trust: 1.0

vendor: netgear, model: r7500, scope: lt, version: 1.0.3.26

Trust: 1.0

vendor: netgear, model: wndr3700, scope: lt, version: 1.0.2.102

Trust: 1.0

vendor: netgear, model: jnr1010, scope: lt, version: 1.1.0.50

Trust: 1.0

vendor: netgear, model: r7800, scope: lt, version: 1.0.2.46

Trust: 1.0

vendor: netgear, model: r6020, scope: lt, version: 1.0.0.30

Trust: 1.0

vendor: netgear, model: rbk50, scope: lt, version: 2.3.5.30

Trust: 1.0

vendor: netgear, model: r6700, scope: lt, version: 1.2.0.14

Trust: 1.0

vendor: netgear, model: r6900, scope: lt, version: 1.2.0.14

Trust: 1.0

vendor: netgear, model: r9000, scope: lt, version: 1.0.4.2

Trust: 1.0

vendor: netgear, model: wndr4500, scope: lt, version: 1.0.0.48

Trust: 1.0

vendor: netgear, model: r6800, scope: lt, version: 1.2.0.14

Trust: 1.0

vendor: netgear, model: wnr2000, scope: lt, version: 1.0.0.64

Trust: 1.0

vendor: netgear, model: wnr2050, scope: lt, version: 1.1.0.50

Trust: 1.0

vendor: netgear, model: wn3000rp, scope: lt, version: 1.0.0.52

Trust: 1.0

vendor: netgear, model: jwnr2010, scope: lt, version: 1.1.0.50

Trust: 1.0

vendor: netgear, model: d6100, scope: eq, version: 1.0.0.58

Trust: 0.8

vendor: netgear, model: d7800, scope: eq, version: 1.0.1.34

Trust: 0.8

vendor: netgear, model: jnr1010, scope: eq, version: 1.1.0.50

Trust: 0.8

vendor: netgear, model: jwnr2010, scope: eq, version: 1.1.0.50

Trust: 0.8

vendor: netgear, model: r6020, scope: eq, version: 1.0.0.30

Trust: 0.8

vendor: netgear, model: r6080, scope: eq, version: 1.0.0.30

Trust: 0.8

vendor: netgear, model: r6100, scope: eq, version: 1.0.1.16

Trust: 0.8

vendor: netgear, model: rbk50, scope: eq, version: 2.3.5.30

Trust: 0.8

vendor: netgear, model: rbr50, scope: eq, version: 2.3.5.30

Trust: 0.8

vendor: netgear, model: rbs50, scope: eq, version: 2.3.5.30

sources: JVNDB: JVNDB-2019-015455 // NVD: CVE-2019-20738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20738
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2019-20738
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015455
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-1349
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-20738
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015455
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2019-20738
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20738
baseSeverity: MEDIUM
baseScore: 5.2
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015455
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-015455 // CNNVD: CNNVD-202004-1349 // NVD: CVE-2019-20738 // NVD: CVE-2019-20738

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-015455 // NVD: CVE-2019-20738

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1349

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-1349

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015455

PATCH

title: Security Advisory for Stored Cross Site Scripting on Some Routers, Gateways, and WiFi System, PSV-2016-0100
url: https://kb.netgear.com/000061187/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2016-0100

Trust: 0.8

title: Fixes for cross-site scripting vulnerabilities in multiple NETGEAR products
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114908

Trust: 0.6

sources: JVNDB: JVNDB-2019-015455 // CNNVD: CNNVD-202004-1349

EXTERNAL IDS

db: NVD, id: CVE-2019-20738

Trust: 2.4

db: JVNDB, id: JVNDB-2019-015455

Trust: 0.8

db: CNNVD, id: CNNVD-202004-1349

Trust: 0.6

sources: JVNDB: JVNDB-2019-015455 // CNNVD: CNNVD-202004-1349 // NVD: CVE-2019-20738

REFERENCES

url:https://kb.netgear.com/000061187/security-advisory-for-stored-cross-site-scripting-on-some-routers-gateways-and-wifi-system-psv-2016-0100

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-20738

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20738

Trust: 0.8

sources: JVNDB: JVNDB-2019-015455 // CNNVD: CNNVD-202004-1349 // NVD: CVE-2019-20738

SOURCES

db: JVNDB, id: JVNDB-2019-015455
db: CNNVD, id: CNNVD-202004-1349
db: NVD, id: CVE-2019-20738

LAST UPDATE DATE

2024-11-23T22:51:27.268000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2019-015455, date: 2020-05-20T00:00:00
db: CNNVD, id: CNNVD-202004-1349, date: 2020-05-06T00:00:00
db: NVD, id: CVE-2019-20738, date: 2024-11-21T04:39:13.863

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2019-015455, date: 2020-05-20T00:00:00
db: CNNVD, id: CNNVD-202004-1349, date: 2020-04-16T00:00:00
db: NVD, id: CVE-2019-20738, date: 2020-04-16T20:15:13.820