ID

VAR-202004-0895


CVE

CVE-2019-20655


TITLE

Injection vulnerabilities in NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015360

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR500 before 2.3.2.56 and XR700 before 1.0.1.20. The affected NETGEAR devices contain an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted, putting the device into a denial-of-service (DoS) state. NETGEAR XR700 and NETGEAR XR500 are both NETGEAR wireless routers. Attackers can use the vulnerability to cause system or product parsing or interpretation errors.

Trust: 2.25

sources: NVD: CVE-2019-20655 // JVNDB: JVNDB-2019-015360 // CNVD: CNVD-2020-27206 // VULMON: CVE-2019-20655

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27206

AFFECTED PRODUCTS

vendor: netgear, model: xr500, scope: lt, version: 2.3.2.56

Trust: 1.6

vendor: netgear, model: xr700, scope: lt, version: 1.0.1.20

Trust: 1.6

vendor: netgear, model: xr500, scope: eq, version: 2.3.2.56

Trust: 0.8

vendor: netgear, model: xr700, scope: eq, version: 1.0.1.20

Trust: 0.8

sources: CNVD: CNVD-2020-27206 // JVNDB: JVNDB-2019-015360 // NVD: CVE-2019-20655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20655
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-20655
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015360
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27206
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1231
value: HIGH

Trust: 0.6

VULMON: CVE-2019-20655
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-20655
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015360
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27206
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20655
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20655
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 5.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015360
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27206 // VULMON: CVE-2019-20655 // JVNDB: JVNDB-2019-015360 // CNNVD: CNNVD-202004-1231 // NVD: CVE-2019-20655 // NVD: CVE-2019-20655

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2019-015360 // NVD: CVE-2019-20655

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1231

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1231

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015360

PATCH

title: Security Advisory for Post-Authentication Command Injection on XR500 and XR700, PSV-2019-0026
url: https://kb.netgear.com/000061484/Security-Advisory-for-Post-Authentication-Command-Injection-on-XR500-and-XR700-PSV-2019-0026

Trust: 0.8

title: Patch for NETGEAR XR500 and XR700 injection vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/216883

Trust: 0.6

title: NETGEAR XR500 and XR700 Repair measures for injecting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116530

Trust: 0.6

sources: CNVD: CNVD-2020-27206 // JVNDB: JVNDB-2019-015360 // CNNVD: CNNVD-202004-1231

EXTERNAL IDS

db: NVD, id: CVE-2019-20655

Trust: 3.1

db: JVNDB, id: JVNDB-2019-015360

Trust: 0.8

db: CNVD, id: CNVD-2020-27206

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1231

Trust: 0.6

db: VULMON, id: CVE-2019-20655

Trust: 0.1

sources: CNVD: CNVD-2020-27206 // VULMON: CVE-2019-20655 // JVNDB: JVNDB-2019-015360 // CNNVD: CNNVD-202004-1231 // NVD: CVE-2019-20655

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-20655

Trust: 2.0

url: https://kb.netgear.com/000061484/security-advisory-for-post-authentication-command-injection-on-xr500-and-xr700-psv-2019-0026

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20655

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-27206 // VULMON: CVE-2019-20655 // JVNDB: JVNDB-2019-015360 // CNNVD: CNNVD-202004-1231 // NVD: CVE-2019-20655

SOURCES

db: CNVD, id: CNVD-2020-27206
db: VULMON, id: CVE-2019-20655
db: JVNDB, id: JVNDB-2019-015360
db: CNNVD, id: CNNVD-202004-1231
db: NVD, id: CVE-2019-20655

LAST UPDATE DATE

2024-11-23T22:55:10.956000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-27206, date: 2020-05-09T00:00:00
db: VULMON, id: CVE-2019-20655, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-015360, date: 2020-05-13T00:00:00
db: CNNVD, id: CNNVD-202004-1231, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-20655, date: 2024-11-21T04:38:58.923

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-27206, date: 2020-05-09T00:00:00
db: VULMON, id: CVE-2019-20655, date: 2020-04-15T00:00:00
db: JVNDB, id: JVNDB-2019-015360, date: 2020-05-13T00:00:00
db: CNNVD, id: CNNVD-202004-1231, date: 2020-04-15T00:00:00
db: NVD, id: CVE-2019-20655, date: 2020-04-15T19:15:13.067