ID

VAR-202004-0882


CVE

CVE-2019-20642


TITLE

Authentication vulnerability in NETGEAR RAX40 devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015310

DESCRIPTION

NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass. There is an authentication vulnerability in the NETGEAR RAX40 device. Information may be obtained or tampered with, and service operation may be interrupted (a denial-of-service (DoS) state). NETGEAR RAX40 is a wireless router made by NETGEAR.

Trust: 2.16

sources: NVD: CVE-2019-20642 // JVNDB: JVNDB-2019-015310 // CNVD: CNVD-2020-24160

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-24160

AFFECTED PRODUCTS

vendor: netgear, model: rax40, scope: lt, version: 1.0.3.64

Trust: 1.6

vendor: netgear, model: rax40, scope: eq, version: 1.0.3.64

Trust: 0.8

sources: CNVD: CNVD-2020-24160 // JVNDB: JVNDB-2019-015310 // NVD: CVE-2019-20642

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20642
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-20642
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-015310
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-24160
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1244
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-20642
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015310
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-24160
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20642
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20642
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015310
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-24160 // JVNDB: JVNDB-2019-015310 // CNNVD: CNNVD-202004-1244 // NVD: CVE-2019-20642 // NVD: CVE-2019-20642

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2019-015310 // NVD: CVE-2019-20642

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1244

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1244

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015310

PATCH

title: Security Advisory for Authentication Bypass on RAX40, PSV-2019-0266
url: https://kb.netgear.com/000061500/Security-Advisory-for-Authentication-Bypass-on-RAX40-PSV-2019-0266

Trust: 0.8

title: Patch for NETGEAR RAX40 authorization issue vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/215047

Trust: 0.6

title: Remediation measures for NETGEAR RAX40 authorization issue vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116539

Trust: 0.6

sources: CNVD: CNVD-2020-24160 // JVNDB: JVNDB-2019-015310 // CNNVD: CNNVD-202004-1244

EXTERNAL IDS

db: NVD, id: CVE-2019-20642

Trust: 3.0

db: JVNDB, id: JVNDB-2019-015310

Trust: 0.8

db: CNVD, id: CNVD-2020-24160

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1244

Trust: 0.6

sources: CNVD: CNVD-2020-24160 // JVNDB: JVNDB-2019-015310 // CNNVD: CNNVD-202004-1244 // NVD: CVE-2019-20642

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-20642

Trust: 2.0

url:https://kb.netgear.com/000061500/security-advisory-for-authentication-bypass-on-rax40-psv-2019-0266

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20642

Trust: 0.8

sources: CNVD: CNVD-2020-24160 // JVNDB: JVNDB-2019-015310 // CNNVD: CNNVD-202004-1244 // NVD: CVE-2019-20642

SOURCES

db: CNVD, id: CNVD-2020-24160
db: JVNDB, id: JVNDB-2019-015310
db: CNNVD, id: CNNVD-202004-1244
db: NVD, id: CVE-2019-20642

LAST UPDATE DATE

2024-11-23T23:08:02.781000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-24160, date: 2020-04-23T00:00:00
db: JVNDB, id: JVNDB-2019-015310, date: 2020-05-11T00:00:00
db: CNNVD, id: CNNVD-202004-1244, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-20642, date: 2024-11-21T04:38:57.040

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-24160, date: 2020-04-23T00:00:00
db: JVNDB, id: JVNDB-2019-015310, date: 2020-05-11T00:00:00
db: CNNVD, id: CNNVD-202004-1244, date: 2020-04-15T00:00:00
db: NVD, id: CVE-2019-20642, date: 2020-04-15T18:15:14.240