ID

VAR-202004-0886


CVE

CVE-2019-20646


TITLE

NETGEAR RAX40 Inadequate protection of credentials on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015305

DESCRIPTION

NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials. NETGEAR RAX40 devices contain an insufficient protection of credentials vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR RAX40 is a wireless router made by NETGEAR. There is a security vulnerability in NETGEAR RAX40 prior to 1.0.3.64, which an attacker can use to obtain a management certificate.

Trust: 2.16

sources: NVD: CVE-2019-20646 // JVNDB: JVNDB-2019-015305 // CNVD: CNVD-2020-24164

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-24164

AFFECTED PRODUCTS

vendor: netgear, model: rax40, scope: lt, version: 1.0.3.64

Trust: 1.6

vendor: netgear, model: rax40, scope: eq, version: 1.0.3.64

Trust: 0.8

sources: CNVD: CNVD-2020-24164 // JVNDB: JVNDB-2019-015305 // NVD: CVE-2019-20646

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-20646
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-015305
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-24164
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1239
value: CRITICAL

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-20646
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015305
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-24164
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2019-20646
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015305
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-24164 // JVNDB: JVNDB-2019-015305 // CNNVD: CNNVD-202004-1239 // NVD: CVE-2019-20646

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.0

problemtype: CWE-522

Trust: 0.8

sources: JVNDB: JVNDB-2019-015305 // NVD: CVE-2019-20646

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1239

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1239

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015305

PATCH

title: Security Advisory for Admin Credential Disclosure on RAX40, PSV-2019-0237
url: https://kb.netgear.com/000061496/Security-Advisory-for-Admin-Credential-Disclosure-on-RAX40-PSV-2019-0237

Trust: 0.8

title: Patch for NETGEAR RAX40 has an unknown vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/215035

Trust: 0.6

title: NETGEAR RAX40 Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116537

Trust: 0.6

sources: CNVD: CNVD-2020-24164 // JVNDB: JVNDB-2019-015305 // CNNVD: CNNVD-202004-1239

EXTERNAL IDS

db: NVD, id: CVE-2019-20646

Trust: 3.0

db: JVNDB, id: JVNDB-2019-015305

Trust: 0.8

db: CNVD, id: CNVD-2020-24164

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1239

Trust: 0.6

sources: CNVD: CNVD-2020-24164 // JVNDB: JVNDB-2019-015305 // CNNVD: CNNVD-202004-1239 // NVD: CVE-2019-20646

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-20646

Trust: 2.0

url: https://kb.netgear.com/000061496/security-advisory-for-admin-credential-disclosure-on-rax40-psv-2019-0237

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20646

Trust: 0.8

sources: CNVD: CNVD-2020-24164 // JVNDB: JVNDB-2019-015305 // CNNVD: CNNVD-202004-1239 // NVD: CVE-2019-20646

SOURCES

db: CNVD, id: CNVD-2020-24164
db: JVNDB, id: JVNDB-2019-015305
db: CNNVD, id: CNNVD-202004-1239
db: NVD, id: CVE-2019-20646

LAST UPDATE DATE

2024-11-23T23:04:25.590000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-24164, date: 2020-04-23T00:00:00
db: JVNDB, id: JVNDB-2019-015305, date: 2020-05-11T00:00:00
db: CNNVD, id: CNNVD-202004-1239, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2019-20646, date: 2024-11-21T04:38:57.627

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-24164, date: 2020-04-23T00:00:00
db: JVNDB, id: JVNDB-2019-015305, date: 2020-05-11T00:00:00
db: CNNVD, id: CNNVD-202004-1239, date: 2020-04-15T00:00:00
db: NVD, id: CVE-2019-20646, date: 2020-04-15T18:15:14.490