Details of VAR-202004-0893

ID

VAR-202004-0893

CVE

CVE-2019-20653

TITLE

NETGEAR Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015358

DESCRIPTION

Certain NETGEAR devices are affected by denial of service. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4. NETGEAR The device contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2019-20653 // JVNDB: JVNDB-2019-015358

AFFECTED PRODUCTS

vendor:	netgear	model:	wac510	scope:	lt	version:	8.0.6.4	Trust: 1.0
vendor:	netgear	model:	wac505	scope:	lt	version:	8.0.6.4	Trust: 1.0
vendor:	netgear	model:	wac505	scope:	eq	version:	8.0.6.4	Trust: 0.8
vendor:	netgear	model:	wac510	scope:	eq	version:	8.0.6.4	Trust: 0.8

sources: JVNDB: JVNDB-2019-015358 // NVD: CVE-2019-20653

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-20653
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2019-20653
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-015358
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-1233
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-20653
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-015358
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2019-20653
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2019-20653
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	JVNDB-2019-015358
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2019-015358 // CNNVD: CNNVD-202004-1233 // NVD: CVE-2019-20653 // NVD: CVE-2019-20653

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2019-015358 // NVD: CVE-2019-20653

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1233

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1233

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015358

PATCH

title:	Security Advisory for Denial of Service on WAC505 and WAC510, PSV-2019-0083	url:	https://kb.netgear.com/000061488/Security-Advisory-for-Denial-of-Service-on-WAC505-and-WAC510-PSV-2019-0083	Trust: 0.8
title:	NETGEAR WAC505 and WAC510 Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116532	Trust: 0.6

sources: JVNDB: JVNDB-2019-015358 // CNNVD: CNNVD-202004-1233

EXTERNAL IDS

db:	NVD	id:	CVE-2019-20653	Trust: 2.4
db:	JVNDB	id:	JVNDB-2019-015358	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-1233	Trust: 0.6

sources: JVNDB: JVNDB-2019-015358 // CNNVD: CNNVD-202004-1233 // NVD: CVE-2019-20653

REFERENCES

url:	https://kb.netgear.com/000061488/security-advisory-for-denial-of-service-on-wac505-and-wac510-psv-2019-0083	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20653	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20653	Trust: 0.8

sources: JVNDB: JVNDB-2019-015358 // CNNVD: CNNVD-202004-1233 // NVD: CVE-2019-20653

SOURCES

db:	JVNDB	id:	JVNDB-2019-015358
db:	CNNVD	id:	CNNVD-202004-1233
db:	NVD	id:	CVE-2019-20653

LAST UPDATE DATE

2024-11-23T22:11:31.069000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2019-015358	date:	2020-05-13T00:00:00
db:	CNNVD	id:	CNNVD-202004-1233	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2019-20653	date:	2024-11-21T04:38:58.623

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2019-015358	date:	2020-05-13T00:00:00
db:	CNNVD	id:	CNNVD-202004-1233	date:	2020-04-15T00:00:00
db:	NVD	id:	CVE-2019-20653	date:	2020-04-15T19:15:12.927