ID

VAR-202004-0778


CVE

CVE-2019-20716


TITLE

Out-of-bounds write vulnerabilities in NETGEAR DGN2200 and DGND2200B devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015411

DESCRIPTION

Certain NETGEAR devices are affected by a stack-based buffer overflow exploitable by an unauthenticated attacker. This affects DGN2200v4 before 1.0.0.110 and DGND2200Bv4 before 1.0.0.109. NETGEAR DGN2200 and DGND2200B devices are vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR DGN2200 and NETGEAR DGND2200B are both wireless routers from NETGEAR. NETGEAR DGN2200v4 versions prior to 1.0.0.110 and DGND2200Bv4 versions prior to 1.0.0.109 have a buffer overflow vulnerability that results from the network system or product performing incorrect operations on memory and incorrectly verifying data boundaries, so that erroneous read and write operations are performed on other associated memory locations. An attacker could use the vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.16

sources: NVD: CVE-2019-20716 // JVNDB: JVNDB-2019-015411 // CNVD: CNVD-2020-30687

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-30687

AFFECTED PRODUCTS

vendor: netgear
model: dgn2200
scope: lt
version: 1.0.0.110

Trust: 1.0

vendor: netgear
model: dgnd2200b
scope: lt
version: 1.0.0.109

Trust: 1.0

vendor: netgear
model: dgn2200
scope: eq
version: 1.0.0.110

Trust: 0.8

vendor: netgear
model: dgnd2200b
scope: eq
version: 1.0.0.109

Trust: 0.8

vendor: netgear
model: dgn2200v4
scope: lt
version: 1.0.0.110

Trust: 0.6

vendor: netgear
model: dgnd2200bv4
scope: lt
version: 1.0.0.109

Trust: 0.6

sources: CNVD: CNVD-2020-30687 // JVNDB: JVNDB-2019-015411 // NVD: CVE-2019-20716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20716
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2019-20716
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015411
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-30687
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1300
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-20716
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015411
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-30687
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20716
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20716
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015411
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-30687 // JVNDB: JVNDB-2019-015411 // CNNVD: CNNVD-202004-1300 // NVD: CVE-2019-20716 // NVD: CVE-2019-20716

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-015411 // NVD: CVE-2019-20716

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1300

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1300

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015411

PATCH

title: Security Advisory for Pre-Authentication Stack Overflow on DGN2200v4 and DGND2200Bv4, PSV-2018-0241
url: https://kb.netgear.com/000061212/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-DGN2200v4-and-DGND2200Bv4-PSV-2018-0241

Trust: 0.8

title: Patch for NETGEAR DGN2200v4 and DGND2200Bv4 buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/219483

Trust: 0.6

title: NETGEAR DGN2200v4 and DGND2200Bv4 Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116569

Trust: 0.6

sources: CNVD: CNVD-2020-30687 // JVNDB: JVNDB-2019-015411 // CNNVD: CNNVD-202004-1300

EXTERNAL IDS

db: NVD, id: CVE-2019-20716

Trust: 3.0

db: JVNDB, id: JVNDB-2019-015411

Trust: 0.8

db: CNVD, id: CNVD-2020-30687

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1300

Trust: 0.6

sources: CNVD: CNVD-2020-30687 // JVNDB: JVNDB-2019-015411 // CNNVD: CNNVD-202004-1300 // NVD: CVE-2019-20716

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-20716

Trust: 2.0

url: https://kb.netgear.com/000061212/security-advisory-for-pre-authentication-stack-overflow-on-dgn2200v4-and-dgnd2200bv4-psv-2018-0241

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20716

Trust: 0.8

sources: CNVD: CNVD-2020-30687 // JVNDB: JVNDB-2019-015411 // CNNVD: CNNVD-202004-1300 // NVD: CVE-2019-20716

CREDITS

Chen Fengfeng

Trust: 0.6

sources: CNNVD: CNNVD-202004-1300

SOURCES

db: CNVD, id: CNVD-2020-30687
db: JVNDB, id: JVNDB-2019-015411
db: CNNVD, id: CNNVD-202004-1300
db: NVD, id: CVE-2019-20716

LAST UPDATE DATE

2024-11-23T22:29:40.016000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-30687, date: 2020-05-29T00:00:00
db: JVNDB, id: JVNDB-2019-015411, date: 2020-05-19T00:00:00
db: CNNVD, id: CNNVD-202004-1300, date: 2020-04-26T00:00:00
db: NVD, id: CVE-2019-20716, date: 2024-11-21T04:39:10.173

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-30687, date: 2020-05-29T00:00:00
db: JVNDB, id: JVNDB-2019-015411, date: 2020-05-19T00:00:00
db: CNNVD, id: CNNVD-202004-1300, date: 2020-04-16T00:00:00
db: NVD, id: CVE-2019-20716, date: 2020-04-16T19:15:24.883