ID

VAR-202004-0891


CVE

CVE-2019-20651


TITLE

Injection vulnerability in NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015362

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16. The NETGEAR devices contain an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR WAC505 and NETGEAR WAC510 are both wireless access points (AP) from NETGEAR. There is an injection vulnerability in NETGEAR WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16. The vulnerability arises when a command, data structure or record is constructed from user input: the network system or product does not correctly validate the user-supplied data, and special elements are not filtered or are filtered improperly. An attacker can use the vulnerability to cause the system or product to interpret the input incorrectly.

Trust: 2.16

sources: NVD: CVE-2019-20651 // JVNDB: JVNDB-2019-015362 // CNVD: CNVD-2020-26957

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-26957

AFFECTED PRODUCTS

vendor: netgear, model: wac505, scope: lt, version: 8.2.1.16

Trust: 1.6

vendor: netgear, model: wac510, scope: lt, version: 8.2.1.16

Trust: 1.6

vendor: netgear, model: wac505, scope: eq, version: 8.2.1.16

Trust: 0.8

vendor: netgear, model: wac510, scope: eq, version: 8.2.1.16

Trust: 0.8

sources: CNVD: CNVD-2020-26957 // JVNDB: JVNDB-2019-015362 // NVD: CVE-2019-20651

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20651
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2019-20651
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015362
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-26957
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1235
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-20651
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015362
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-26957
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20651
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20651
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015362
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-26957 // JVNDB: JVNDB-2019-015362 // CNNVD: CNNVD-202004-1235 // NVD: CVE-2019-20651 // NVD: CVE-2019-20651

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2019-015362 // NVD: CVE-2019-20651

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1235

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1235

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015362

PATCH

title: Security Advisory for Post-Authentication Command Injection on WAC505 and WAC510, PSV-2019-0176
url: https://kb.netgear.com/000061491/Security-Advisory-for-Post-Authentication-Command-Injection-on-WAC505-and-WAC510-PSV-2019-0176

Trust: 0.8

title: Patch for NETGEAR WAC505 and WAC510 command injection vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/216427

Trust: 0.6

title: NETGEAR WAC505 and WAC510 Repair measures for injecting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116534

Trust: 0.6

sources: CNVD: CNVD-2020-26957 // JVNDB: JVNDB-2019-015362 // CNNVD: CNNVD-202004-1235

EXTERNAL IDS

db: NVD, id: CVE-2019-20651

Trust: 3.0

db: JVNDB, id: JVNDB-2019-015362

Trust: 0.8

db: CNVD, id: CNVD-2020-26957

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1235

Trust: 0.6

sources: CNVD: CNVD-2020-26957 // JVNDB: JVNDB-2019-015362 // CNNVD: CNNVD-202004-1235 // NVD: CVE-2019-20651

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-20651

Trust: 2.0

url: https://kb.netgear.com/000061491/security-advisory-for-post-authentication-command-injection-on-wac505-and-wac510-psv-2019-0176

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20651

Trust: 0.8

sources: CNVD: CNVD-2020-26957 // JVNDB: JVNDB-2019-015362 // CNNVD: CNNVD-202004-1235 // NVD: CVE-2019-20651

SOURCES

db: CNVD, id: CNVD-2020-26957
db: JVNDB, id: JVNDB-2019-015362
db: CNNVD, id: CNNVD-202004-1235
db: NVD, id: CVE-2019-20651

LAST UPDATE DATE

2024-11-23T22:21:13.147000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-26957, date: 2020-05-07T00:00:00
db: JVNDB, id: JVNDB-2019-015362, date: 2020-05-13T00:00:00
db: CNNVD, id: CNNVD-202004-1235, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-20651, date: 2024-11-21T04:38:58.340

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-26957, date: 2020-05-07T00:00:00
db: JVNDB, id: JVNDB-2019-015362, date: 2020-05-13T00:00:00
db: CNNVD, id: CNNVD-202004-1235, date: 2020-04-15T00:00:00
db: NVD, id: CVE-2019-20651, date: 2020-04-15T19:15:12.643