Sign-up

ID

VAR-202004-0894


CVE

CVE-2019-20654


TITLE

NETGEAR Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015359

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4. NETGEAR The device contains an input verification vulnerability.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2019-20654 // JVNDB: JVNDB-2019-015359

AFFECTED PRODUCTS

vendor:netgearmodel:wac510scope:ltversion:8.0.6.4

Trust: 1.0

vendor:netgearmodel:wac505scope:ltversion:8.0.6.4

Trust: 1.0

vendor:netgearmodel:wac505scope:eqversion:8.0.6.4

Trust: 0.8

vendor:netgearmodel:wac510scope:eqversion:8.0.6.4

Trust: 0.8

sources: JVNDB: JVNDB-2019-015359 // NVD: CVE-2019-20654

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20654
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-20654
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015359
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-1232
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-20654
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015359
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2019-20654
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20654
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015359
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-015359 // CNNVD: CNNVD-202004-1232 // NVD: CVE-2019-20654 // NVD: CVE-2019-20654

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-015359 // NVD: CVE-2019-20654

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1232

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1232

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015359

PATCH
title:Security Advisory for Security Misconfiguration on WAC505 and WAC510, PSV-2019-0061url:https://kb.netgear.com/000061487/Security-Advisory-for-Security-Misconfiguration-on-WAC505-and-WAC510-PSV-2019-0061
Trust: 0.8
title:NETGEAR WAC505  and WAC510 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116531
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-015359 // 
            
            
            
            CNNVD: CNNVD-202004-1232

EXTERNAL IDS
db:NVDid:CVE-2019-20654
Trust: 2.4
db:JVNDBid:JVNDB-2019-015359
Trust: 0.8
db:CNNVDid:CNNVD-202004-1232
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-015359 // 
            
            
            
            CNNVD: CNNVD-202004-1232 // 
            
            
            
            NVD: CVE-2019-20654

REFERENCES
url:https://kb.netgear.com/000061487/security-advisory-for-security-misconfiguration-on-wac505-and-wac510-psv-2019-0061
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-20654
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20654
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-015359 // 
            
            
            
            CNNVD: CNNVD-202004-1232 // 
            
            
            
            NVD: CVE-2019-20654

SOURCES
db:JVNDBid:JVNDB-2019-015359
db:CNNVDid:CNNVD-202004-1232
db:NVDid:CVE-2019-20654

LAST UPDATE DATE
2024-11-23T21:51:35.089000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2019-015359date:2020-05-13T00:00:00
db:CNNVDid:CNNVD-202004-1232date:2020-04-26T00:00:00
db:NVDid:CVE-2019-20654date:2024-11-21T04:38:58.773

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2019-015359date:2020-05-13T00:00:00
db:CNNVDid:CNNVD-202004-1232date:2020-04-15T00:00:00
db:NVDid:CVE-2019-20654date:2020-04-15T19:15:12.987