Sign-up

ID

VAR-202004-0890


CVE

CVE-2019-20650


TITLE

plural NETGEAR Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015364

DESCRIPTION

Certain NETGEAR devices are affected by denial of service. This affects R8900 before 1.0.5.2, R9000 before 1.0.5.2, XR500 before 2.3.2.56, and XR700 before 1.0.1.20. plural NETGEAR The device contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. NETGEAR R8900 is a wireless router of NETGEAR. There are security holes in many NETGEAR products. This affects R8900 prior to 1.0.5.2, R9000 prior to 1.0.5.2, XR500 prior to 2.3.2.56, and XR700 prior to 1.0.1.20

Trust: 2.25

sources: NVD: CVE-2019-20650 // JVNDB: JVNDB-2019-015364 // CNVD: CNVD-2020-26951 // VULMON: CVE-2019-20650

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-26951

AFFECTED PRODUCTS

vendor:netgearmodel:xr500scope:ltversion:2.3.2.56

Trust: 1.6

vendor:netgearmodel:r8900scope:ltversion:1.0.5.2

Trust: 1.6

vendor:netgearmodel:r9000scope:ltversion:1.0.5.2

Trust: 1.6

vendor:netgearmodel:xr700scope:ltversion:1.0.1.20

Trust: 1.0

vendor:netgearmodel:r8900scope:eqversion:1.0.5.2

Trust: 0.8

vendor:netgearmodel:r9000scope:eqversion:1.0.5.2

Trust: 0.8

vendor:netgearmodel:xr500scope:eqversion:2.3.2.56

Trust: 0.8

vendor:netgearmodel:xr700scope:eqversion:1.0.1.20

Trust: 0.8

vendor:netgearmodel:r6100scope:ltversion:1.0.1.20

Trust: 0.6

sources: CNVD: CNVD-2020-26951 // JVNDB: JVNDB-2019-015364 // NVD: CVE-2019-20650

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20650
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-20650
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015364
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-26951
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1236
value: HIGH

Trust: 0.6

VULMON: CVE-2019-20650
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-20650
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015364
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-26951
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20650
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20650
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015364
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-26951 // VULMON: CVE-2019-20650 // JVNDB: JVNDB-2019-015364 // CNNVD: CNNVD-202004-1236 // NVD: CVE-2019-20650 // NVD: CVE-2019-20650

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-015364 // NVD: CVE-2019-20650

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1236

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1236

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015364

PATCH
title:Security Advisory for Denial of Service on Some Routers, PSV-2019-0197url:https://kb.netgear.com/000061492/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2019-0197
Trust: 0.8
title:Patch for Multiple NETGEAR product input verification error vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/216399
Trust: 0.6
title:Multiple NETGEAR Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116535
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-26951 // 
            
            
            
            JVNDB: JVNDB-2019-015364 // 
            
            
            
            CNNVD: CNNVD-202004-1236

EXTERNAL IDS
db:NVDid:CVE-2019-20650
Trust: 3.1
db:JVNDBid:JVNDB-2019-015364
Trust: 0.8
db:CNVDid:CNVD-2020-26951
Trust: 0.6
db:CNNVDid:CNNVD-202004-1236
Trust: 0.6
db:VULMONid:CVE-2019-20650
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-26951 // 
            
            
            
            VULMON: CVE-2019-20650 // 
            
            
            
            JVNDB: JVNDB-2019-015364 // 
            
            
            
            CNNVD: CNNVD-202004-1236 // 
            
            
            
            NVD: CVE-2019-20650

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-20650
Trust: 2.0
url:https://kb.netgear.com/000061492/security-advisory-for-denial-of-service-on-some-routers-psv-2019-0197
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20650
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-26951 // 
            
            
            
            VULMON: CVE-2019-20650 // 
            
            
            
            JVNDB: JVNDB-2019-015364 // 
            
            
            
            CNNVD: CNNVD-202004-1236 // 
            
            
            
            NVD: CVE-2019-20650

SOURCES
db:CNVDid:CNVD-2020-26951
db:VULMONid:CVE-2019-20650
db:JVNDBid:JVNDB-2019-015364
db:CNNVDid:CNNVD-202004-1236
db:NVDid:CVE-2019-20650

LAST UPDATE DATE
2024-11-23T21:59:21.155000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-26951date:2020-05-07T00:00:00
db:VULMONid:CVE-2019-20650date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2019-015364date:2020-05-13T00:00:00
db:CNNVDid:CNNVD-202004-1236date:2022-07-01T00:00:00
db:NVDid:CVE-2019-20650date:2024-11-21T04:38:58.193

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-26951date:2020-05-07T00:00:00
db:VULMONid:CVE-2019-20650date:2020-04-15T00:00:00
db:JVNDBid:JVNDB-2019-015364date:2020-05-13T00:00:00
db:CNNVDid:CNNVD-202004-1236date:2020-04-15T00:00:00
db:NVDid:CVE-2019-20650date:2020-04-15T18:15:14.740