ID

VAR-202004-0883


CVE

CVE-2019-20643


TITLE

NETGEAR RAX40 information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-24161 // CNNVD: CNNVD-202004-1243

DESCRIPTION

NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information. NETGEAR RAX40 is a wireless router of NETGEAR

Trust: 2.16

sources: NVD: CVE-2019-20643 // JVNDB: JVNDB-2019-015311 // CNVD: CNVD-2020-24161

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-24161

AFFECTED PRODUCTS

vendor:netgearmodel:rax40scope:ltversion:1.0.3.64

Trust: 1.6

vendor:netgearmodel:rax40scope:eqversion:1.0.3.64

Trust: 0.8

sources: CNVD: CNVD-2020-24161 // JVNDB: JVNDB-2019-015311 // NVD: CVE-2019-20643

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20643
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-20643
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015311
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-24161
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1243
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-20643
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015311
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-24161
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20643
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20643
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015311
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-24161 // JVNDB: JVNDB-2019-015311 // CNNVD: CNNVD-202004-1243 // NVD: CVE-2019-20643 // NVD: CVE-2019-20643

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-015311 // NVD: CVE-2019-20643

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1243

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1243

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015311

PATCH

title:Security Advisory for Sensitive Information Disclosure on RAX40, PSV-2019-0247url:https://kb.netgear.com/000061499/Security-Advisory-for-Sensitive-Information-Disclosure-on-RAX40-PSV-2019-0247

Trust: 0.8

title:Patch for NETGEAR RAX40 information disclosure vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/215045

Trust: 0.6

title:NETGEAR RAX40 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116538

Trust: 0.6

sources: CNVD: CNVD-2020-24161 // JVNDB: JVNDB-2019-015311 // CNNVD: CNNVD-202004-1243

EXTERNAL IDS

db:NVDid:CVE-2019-20643

Trust: 3.0

db:JVNDBid:JVNDB-2019-015311

Trust: 0.8

db:CNVDid:CNVD-2020-24161

Trust: 0.6

db:CNNVDid:CNNVD-202004-1243

Trust: 0.6

sources: CNVD: CNVD-2020-24161 // JVNDB: JVNDB-2019-015311 // CNNVD: CNNVD-202004-1243 // NVD: CVE-2019-20643

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-20643

Trust: 2.0

url:https://kb.netgear.com/000061499/security-advisory-for-sensitive-information-disclosure-on-rax40-psv-2019-0247

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20643

Trust: 0.8

sources: CNVD: CNVD-2020-24161 // JVNDB: JVNDB-2019-015311 // CNNVD: CNNVD-202004-1243 // NVD: CVE-2019-20643

SOURCES

db:CNVDid:CNVD-2020-24161
db:JVNDBid:JVNDB-2019-015311
db:CNNVDid:CNNVD-202004-1243
db:NVDid:CVE-2019-20643

LAST UPDATE DATE

2024-11-23T22:16:30.954000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-24161date:2020-04-23T00:00:00
db:JVNDBid:JVNDB-2019-015311date:2020-05-11T00:00:00
db:CNNVDid:CNNVD-202004-1243date:2020-04-26T00:00:00
db:NVDid:CVE-2019-20643date:2024-11-21T04:38:57.190

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-24161date:2020-04-23T00:00:00
db:JVNDBid:JVNDB-2019-015311date:2020-05-11T00:00:00
db:CNNVDid:CNNVD-202004-1243date:2020-04-15T00:00:00
db:NVDid:CVE-2019-20643date:2020-04-15T18:15:14.300