Details of VAR-202004-0792

ID

VAR-202004-0792

CVE

CVE-2019-20746

TITLE

plural NETGEAR Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015368

DESCRIPTION

Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. This affects D3600 prior to 1.0.0.75, D6000 prior to 1.0.0.75, D7800 prior to 1.0.1.44, DM200 prior to 1.0.0.58, R7800 prior to 1.0.2.58, R8900 prior to 1.0.4.12, R9000 prior to 1.0.4.8, RBK20 prior to 2.3.0.28, RBR20 prior to 2.3.0.28, RBS20 prior to 2.3.0.28, RBK40 prior to 2.3.0.28, RBS40 prior to 2.3.0.28, RBK50 prior to 2.3.0.32, RBR50 prior to 2.3.0.32, RBS50 prior to 2.3.0.32, WN3000RPv2 prior to 1.0.0.68, WN3000RPv3 prior to 1.0.2.70, WN3100RPv2 prior to 1.0.0.60, WNDR4300v2 prior to 1.0.0.58, WNDR4500v3 prior to 1.0.0.58, and WNR2000v5 prior to 1.0.0.68

Trust: 1.71

sources: NVD: CVE-2019-20746 // JVNDB: JVNDB-2019-015368 // VULMON: CVE-2019-20746

AFFECTED PRODUCTS

vendor:	netgear	model:	wn3100rp	scope:	lt	version:	1.0.0.60	Trust: 1.0
vendor:	netgear	model:	rbr50	scope:	lt	version:	2.3.0.32	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.4.8	Trust: 1.0
vendor:	netgear	model:	d6000	scope:	lt	version:	1.0.0.75	Trust: 1.0
vendor:	netgear	model:	wndr4500	scope:	lt	version:	1.0.0.58	Trust: 1.0
vendor:	netgear	model:	rbk40	scope:	lt	version:	2.3.0.28	Trust: 1.0
vendor:	netgear	model:	rbr20	scope:	lt	version:	2.3.0.28	Trust: 1.0
vendor:	netgear	model:	d3600	scope:	lt	version:	1.0.0.75	Trust: 1.0
vendor:	netgear	model:	dm200	scope:	lt	version:	1.0.0.58	Trust: 1.0
vendor:	netgear	model:	rbk20	scope:	lt	version:	2.3.0.28	Trust: 1.0
vendor:	netgear	model:	rbs40	scope:	lt	version:	2.3.0.28	Trust: 1.0
vendor:	netgear	model:	rbk50	scope:	lt	version:	2.3.0.32	Trust: 1.0
vendor:	netgear	model:	wnr2000	scope:	lt	version:	1.0.0.68	Trust: 1.0
vendor:	netgear	model:	wn3000rp	scope:	lt	version:	1.0.2.70	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.58	Trust: 1.0
vendor:	netgear	model:	r8900	scope:	lt	version:	1.0.4.12	Trust: 1.0
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.44	Trust: 1.0
vendor:	netgear	model:	wndr4300	scope:	lt	version:	1.0.0.58	Trust: 1.0
vendor:	netgear	model:	wn3000rp	scope:	lt	version:	1.0.0.68	Trust: 1.0
vendor:	netgear	model:	rbs50	scope:	lt	version:	2.3.0.32	Trust: 1.0
vendor:	netgear	model:	rbs20	scope:	lt	version:	2.3.0.28	Trust: 1.0
vendor:	netgear	model:	d3600	scope:	eq	version:	1.0.0.75	Trust: 0.8
vendor:	netgear	model:	d6000	scope:	eq	version:	1.0.0.75	Trust: 0.8
vendor:	netgear	model:	d7800	scope:	eq	version:	1.0.1.44	Trust: 0.8
vendor:	netgear	model:	dm200	scope:	eq	version:	1.0.0.58	Trust: 0.8
vendor:	netgear	model:	r7800	scope:	eq	version:	1.0.2.58	Trust: 0.8
vendor:	netgear	model:	r8900	scope:	eq	version:	1.0.4.12	Trust: 0.8
vendor:	netgear	model:	r9000	scope:	eq	version:	1.0.4.8	Trust: 0.8
vendor:	netgear	model:	rbk20	scope:	eq	version:	2.3.0.28	Trust: 0.8
vendor:	netgear	model:	rbr20	scope:	eq	version:	2.3.0.28	Trust: 0.8
vendor:	netgear	model:	rbs20	scope:	eq	version:	2.3.0.28	Trust: 0.8

sources: JVNDB: JVNDB-2019-015368 // NVD: CVE-2019-20746

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-20746
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2019-20746
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2019-015368
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-1357
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2019-20746
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-20746
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2019-015368
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2019-20746
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2019-20746
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	2.7
version:	3.0
Trust: 1.0
NVD:	JVNDB-2019-015368
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2019-20746 // JVNDB: JVNDB-2019-015368 // CNNVD: CNNVD-202004-1357 // NVD: CVE-2019-20746 // NVD: CVE-2019-20746

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-015368 // NVD: CVE-2019-20746

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1357

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-1357

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015368

PATCH

title:	Security Advisory for Reflected Cross Site Scripting on Some Routers, Gateways, and WiFi Systems, PSV-2018-0252	url:	https://kb.netgear.com/000060973/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0252	Trust: 0.8
title:	Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114945	Trust: 0.6

sources: JVNDB: JVNDB-2019-015368 // CNNVD: CNNVD-202004-1357

EXTERNAL IDS

db:	NVD	id:	CVE-2019-20746	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-015368	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-1357	Trust: 0.6
db:	VULMON	id:	CVE-2019-20746	Trust: 0.1

sources: VULMON: CVE-2019-20746 // JVNDB: JVNDB-2019-015368 // CNNVD: CNNVD-202004-1357 // NVD: CVE-2019-20746

REFERENCES

url:	https://kb.netgear.com/000060973/security-advisory-for-reflected-cross-site-scripting-on-some-routers-gateways-and-wifi-systems-psv-2018-0252	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20746	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20746	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2019-20746 // JVNDB: JVNDB-2019-015368 // CNNVD: CNNVD-202004-1357 // NVD: CVE-2019-20746

SOURCES

db:	VULMON	id:	CVE-2019-20746
db:	JVNDB	id:	JVNDB-2019-015368
db:	CNNVD	id:	CNNVD-202004-1357
db:	NVD	id:	CVE-2019-20746

LAST UPDATE DATE

2024-11-23T21:35:58.882000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-20746	date:	2020-04-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-015368	date:	2020-05-14T00:00:00
db:	CNNVD	id:	CNNVD-202004-1357	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2019-20746	date:	2024-11-21T04:39:15.160

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-20746	date:	2020-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-015368	date:	2020-05-14T00:00:00
db:	CNNVD	id:	CNNVD-202004-1357	date:	2020-04-16T00:00:00
db:	NVD	id:	CVE-2019-20746	date:	2020-04-16T21:15:12.767