ID

VAR-202004-0796


CVE

CVE-2019-20750


TITLE

Cross-site scripting vulnerabilities in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015365

DESCRIPTION

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66. Multiple NETGEAR devices contain a cross-site scripting vulnerability. Information may be obtained and tampered with.

Trust: 1.62

sources: NVD: CVE-2019-20750 // JVNDB: JVNDB-2019-015365

AFFECTED PRODUCTS

vendor: netgear, model: wn3000rp, scope: lt, version: 1.0.2.70

Trust: 1.0

vendor: netgear, model: r9000, scope: lt, version: 1.0.4.12

Trust: 1.0

vendor: netgear, model: r8900, scope: lt, version: 1.0.4.12

Trust: 1.0

vendor: netgear, model: ex6150, scope: lt, version: 1.0.1.76

Trust: 1.0

vendor: netgear, model: ex6100, scope: lt, version: 1.0.1.76

Trust: 1.0

vendor: netgear, model: r7500, scope: lt, version: 1.0.3.38

Trust: 1.0

vendor: netgear, model: d7800, scope: lt, version: 1.0.1.47

Trust: 1.0

vendor: netgear, model: r7800, scope: lt, version: 1.0.2.52

Trust: 1.0

vendor: netgear, model: wn3100rp, scope: lt, version: 1.0.0.66

Trust: 1.0

vendor: netgear, model: wn2000rpt, scope: lt, version: 1.0.1.32

Trust: 1.0

vendor: netgear, model: d7800, scope: eq, version: 1.0.1.47

Trust: 0.8

vendor: netgear, model: ex6150, scope: eq, version: 1.0.1.76

Trust: 0.8

vendor: netgear, model: r7500, scope: eq, version: 1.0.3.38

Trust: 0.8

vendor: netgear, model: r7800, scope: eq, version: 1.0.2.52

Trust: 0.8

vendor: netgear, model: r8900, scope: eq, version: 1.0.4.12

Trust: 0.8

vendor: netgear, model: r9000, scope: eq, version: 1.0.4.12

Trust: 0.8

vendor: netgear, model: wn2000rpt, scope: eq, version: 1.0.1.32

Trust: 0.8

vendor: netgear, model: wn3000rp, scope: eq, version: 1.0.2.70

Trust: 0.8

vendor: netgear, model: wn3100rp, scope: eq, version: 1.0.0.66

Trust: 0.8

sources: JVNDB: JVNDB-2019-015365 // NVD: CVE-2019-20750

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-20750
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2019-20750
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015365
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-1361
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-20750
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015365
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3

nvd@nist.gov: CVE-2019-20750
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20750
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015365
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-015365 // CNNVD: CNNVD-202004-1361 // NVD: CVE-2019-20750 // NVD: CVE-2019-20750

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-015365 // NVD: CVE-2019-20750

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1361

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-1361

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015365

PATCH

title: Security Advisory for Stored Cross Site Scripting on Some Extenders, Gateways, and Routers, PSV-2018-0173
url: https://kb.netgear.com/000060966/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-Gateways-and-Routers-PSV-2018-0173

Trust: 0.8

title: Fixes for cross-site scripting vulnerabilities in multiple NETGEAR products
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115005

Trust: 0.6

sources: JVNDB: JVNDB-2019-015365 // CNNVD: CNNVD-202004-1361

EXTERNAL IDS

db: NVD, id: CVE-2019-20750

Trust: 2.4

db: JVNDB, id: JVNDB-2019-015365

Trust: 0.8

db: CNNVD, id: CNNVD-202004-1361

Trust: 0.6

sources: JVNDB: JVNDB-2019-015365 // CNNVD: CNNVD-202004-1361 // NVD: CVE-2019-20750

REFERENCES

url: https://kb.netgear.com/000060966/security-advisory-for-stored-cross-site-scripting-on-some-extenders-gateways-and-routers-psv-2018-0173

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2019-20750

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20750

Trust: 0.8

sources: JVNDB: JVNDB-2019-015365 // CNNVD: CNNVD-202004-1361 // NVD: CVE-2019-20750

SOURCES

db: JVNDB, id: JVNDB-2019-015365
db: CNNVD, id: CNNVD-202004-1361
db: NVD, id: CVE-2019-20750

LAST UPDATE DATE

2024-11-23T22:25:33.134000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2019-015365, date: 2020-05-14T00:00:00
db: CNNVD, id: CNNVD-202004-1361, date: 2020-04-26T00:00:00
db: NVD, id: CVE-2019-20750, date: 2024-11-21T04:39:15.850

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2019-015365, date: 2020-05-14T00:00:00
db: CNNVD, id: CNNVD-202004-1361, date: 2020-04-16T00:00:00
db: NVD, id: CVE-2019-20750, date: 2020-04-16T21:15:13.003