Details of VAR-202004-0896

ID

VAR-202004-0896

CVE

CVE-2019-20656

TITLE

plural NETGEAR Vulnerability in using hard-coded credentials on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015439

DESCRIPTION

Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62. plural NETGEAR A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6200, etc. are all products of NETGEAR. NETGEAR D6200 is a wireless modem. NETGEAR WNR2020 is a wireless router. NETGEAR PR2000 is a wireless router. Vulnerabilities in trust management issues exist in many NETGEAR products

Trust: 2.16

sources: NVD: CVE-2019-20656 // JVNDB: JVNDB-2019-015439 // CNVD: CNVD-2020-27207

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-27207

AFFECTED PRODUCTS

vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.64	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.62	Trust: 1.6
vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.36	Trust: 1.6
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.74	Trust: 1.6
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.42	Trust: 1.6
vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.42	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.24	Trust: 1.6
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.24	Trust: 1.6
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.48	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.86	Trust: 1.6
vendor:	netgear	model:	r6230	scope:	lt	version:	1.1.0.86	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.62	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.30	Trust: 1.6
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	eq	version:	1.1.00.36	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.1.74	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.0.24	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.30	Trust: 0.8
vendor:	netgear	model:	r6020	scope:	eq	version:	1.0.0.42	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.0.24	Trust: 0.8
vendor:	netgear	model:	r6080	scope:	eq	version:	1.0.0.42	Trust: 0.8
vendor:	netgear	model:	r6120	scope:	eq	version:	1.0.0.48	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.86	Trust: 0.8
vendor:	netgear	model:	r6230	scope:	eq	version:	1.1.0.86	Trust: 0.8
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.62	Trust: 0.6
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.62	Trust: 0.6

sources: CNVD: CNVD-2020-27207 // JVNDB: JVNDB-2019-015439 // NVD: CVE-2019-20656

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-20656
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2019-20656
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2019-015439
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-27207
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-1230
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-20656
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-015439
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-27207
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-20656
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2019-20656
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.0
Trust: 1.0
NVD:	JVNDB-2019-015439
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-27207 // JVNDB: JVNDB-2019-015439 // CNNVD: CNNVD-202004-1230 // NVD: CVE-2019-20656 // NVD: CVE-2019-20656

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2019-015439 // NVD: CVE-2019-20656

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1230

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202004-1230

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015439

PATCH

title:	Security Advisory for Hardcoded Password on Some Routers and Gateways, PSV-2018-0623	url:	https://kb.netgear.com/000061483/Security-Advisory-for-Hardcoded-Password-on-Some-Routers-and-Gateways-PSV-2018-0623	Trust: 0.8
title:	Patch for Multiple NETGEAR product trust management problem vulnerabilities (CNVD-2020-27207)	url:	https://www.cnvd.org.cn/patchInfo/show/216879	Trust: 0.6
title:	Multiple NETGEAR Repair measures for product trust management problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116873	Trust: 0.6

sources: CNVD: CNVD-2020-27207 // JVNDB: JVNDB-2019-015439 // CNNVD: CNNVD-202004-1230

EXTERNAL IDS

db:	NVD	id:	CVE-2019-20656	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-015439	Trust: 0.8
db:	CNVD	id:	CNVD-2020-27207	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1230	Trust: 0.6

sources: CNVD: CNVD-2020-27207 // JVNDB: JVNDB-2019-015439 // CNNVD: CNNVD-202004-1230 // NVD: CVE-2019-20656

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-20656	Trust: 2.0
url:	https://kb.netgear.com/000061483/security-advisory-for-hardcoded-password-on-some-routers-and-gateways-psv-2018-0623	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20656	Trust: 0.8

sources: CNVD: CNVD-2020-27207 // JVNDB: JVNDB-2019-015439 // CNNVD: CNNVD-202004-1230 // NVD: CVE-2019-20656

SOURCES

db:	CNVD	id:	CNVD-2020-27207
db:	JVNDB	id:	JVNDB-2019-015439
db:	CNNVD	id:	CNNVD-202004-1230
db:	NVD	id:	CVE-2019-20656

LAST UPDATE DATE

2024-11-23T22:05:40.728000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-27207	date:	2020-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-015439	date:	2020-05-19T00:00:00
db:	CNNVD	id:	CNNVD-202004-1230	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2019-20656	date:	2024-11-21T04:38:59.067

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-27207	date:	2020-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-015439	date:	2020-05-19T00:00:00
db:	CNNVD	id:	CNNVD-202004-1230	date:	2020-04-15T00:00:00
db:	NVD	id:	CVE-2019-20656	date:	2020-04-15T19:15:13.127