Details of VAR-202004-0801

ID

VAR-202004-0801

CVE

CVE-2019-20729

TITLE

plural NETGEAR Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015388

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNDR3000 before 1.0.0.22, R6250 before 1.0.4.26, R6300v2 before 1.0.4.22, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R6900P before 1.3.1.26, R7000P before 1.3.1.26, R7300DST before 1.0.0.62, R7900 before 1.0.2.16, R8000 before 1.0.4.18, R7900P before 1.4.1.42, R8000P before 1.4.1.42, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WNDR3400v3 before 1.0.1.18, WNDR4500v2 before 1.0.0.68, and WNR3500Lv2 before 1.2.0.48. plural NETGEAR The device contains an input verification vulnerability.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2019-20729 // JVNDB: JVNDB-2019-015388

AFFECTED PRODUCTS

vendor:	netgear	model:	jndr3000	scope:	lt	version:	1.0.0.22	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.1.44	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.0.1.44	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.2.52	Trust: 1.0
vendor:	netgear	model:	wndr3400	scope:	lt	version:	1.0.1.18	Trust: 1.0
vendor:	netgear	model:	wndr4500	scope:	lt	version:	1.0.0.68	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.2.16	Trust: 1.0
vendor:	netgear	model:	wnr3500l	scope:	lt	version:	1.2.0.48	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.36	Trust: 1.0
vendor:	netgear	model:	r6250	scope:	lt	version:	1.0.4.26	Trust: 1.0
vendor:	netgear	model:	r7900p	scope:	lt	version:	1.4.1.42	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.1.26	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.116	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.9.28	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.18	Trust: 1.0
vendor:	netgear	model:	r6300	scope:	lt	version:	1.0.4.22	Trust: 1.0
vendor:	netgear	model:	r8000p	scope:	lt	version:	1.4.1.42	Trust: 1.0
vendor:	netgear	model:	r7300dst	scope:	lt	version:	1.0.0.62	Trust: 1.0
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.116	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.1.26	Trust: 1.0
vendor:	netgear	model:	jndr3000	scope:	eq	version:	1.0.0.22	Trust: 0.8
vendor:	netgear	model:	r6250	scope:	eq	version:	1.0.4.26	Trust: 0.8
vendor:	netgear	model:	r6300	scope:	eq	version:	1.0.4.22	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.1.36	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.2.52	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.0.1.44	Trust: 0.8
vendor:	netgear	model:	r6900	scope:	eq	version:	1.0.1.44	Trust: 0.8
vendor:	netgear	model:	r6900p	scope:	eq	version:	1.3.1.26	Trust: 0.8
vendor:	netgear	model:	r7000	scope:	eq	version:	1.0.9.28	Trust: 0.8
vendor:	netgear	model:	r7000p	scope:	eq	version:	1.3.1.26	Trust: 0.8

sources: JVNDB: JVNDB-2019-015388 // NVD: CVE-2019-20729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-20729
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2019-20729
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-015388
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-1340
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-20729
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-015388
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2019-20729
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2019-20729
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	JVNDB-2019-015388
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2019-015388 // CNNVD: CNNVD-202004-1340 // NVD: CVE-2019-20729 // NVD: CVE-2019-20729

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2019-015388 // NVD: CVE-2019-20729

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1340

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1340

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015388

PATCH

title:	Security Advisory for Security Misconfiguration on Some Routers, PSV-2017-3120	url:	https://kb.netgear.com/000061198/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-3120	Trust: 0.8
title:	Multiple NETGEAR Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116589	Trust: 0.6

sources: JVNDB: JVNDB-2019-015388 // CNNVD: CNNVD-202004-1340

EXTERNAL IDS

db:	NVD	id:	CVE-2019-20729	Trust: 2.4
db:	JVNDB	id:	JVNDB-2019-015388	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-1340	Trust: 0.6

sources: JVNDB: JVNDB-2019-015388 // CNNVD: CNNVD-202004-1340 // NVD: CVE-2019-20729

REFERENCES

url:	https://kb.netgear.com/000061198/security-advisory-for-security-misconfiguration-on-some-routers-psv-2017-3120	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20729	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20729	Trust: 0.8

sources: JVNDB: JVNDB-2019-015388 // CNNVD: CNNVD-202004-1340 // NVD: CVE-2019-20729

SOURCES

db:	JVNDB	id:	JVNDB-2019-015388
db:	CNNVD	id:	CNNVD-202004-1340
db:	NVD	id:	CVE-2019-20729

LAST UPDATE DATE

2024-11-23T22:16:31.027000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2019-015388	date:	2020-05-14T00:00:00
db:	CNNVD	id:	CNNVD-202004-1340	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2019-20729	date:	2024-11-21T04:39:12.277

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2019-015388	date:	2020-05-14T00:00:00
db:	CNNVD	id:	CNNVD-202004-1340	date:	2020-04-16T00:00:00
db:	NVD	id:	CVE-2019-20729	date:	2020-04-16T20:15:13.273