Details of VAR-202004-0899

ID

VAR-202004-0899

CVE

CVE-2019-20690

TITLE

plural NETGEAR Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015426

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.30, D7000 before 1.0.1.66, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.68, WNR2020 before 1.1.0.54, and WNR614 before 1.1.0.54. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6200, etc. are all products of NETGEAR. NETGEAR D6200 is a wireless modem. NETGEAR D7000 is a wireless modem. NETGEAR WNR2020 is a wireless router. This affects D6200 prior to 1.1.00.30, D7000 prior to 1.0.1.66, R6020 prior to 1.0.0.34, R6080 prior to 1.0.0.34, R6120 prior to 1.0.0.44, R6220 prior to 1.1.0.68, WNR2020 prior to 1.1.0.54, and WNR614 prior to 1.1.0.54

Trust: 2.25

sources: NVD: CVE-2019-20690 // JVNDB: JVNDB-2019-015426 // CNVD: CNVD-2020-30755 // VULMON: CVE-2019-20690

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-30755

AFFECTED PRODUCTS

vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.30	Trust: 1.6
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.66	Trust: 1.6
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.34	Trust: 1.6
vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.34	Trust: 1.6
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.44	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.68	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.54	Trust: 1.6
vendor:	netgear	model:	wnr614	scope:	lt	version:	1.1.0.54	Trust: 1.6
vendor:	netgear	model:	d6200	scope:	eq	version:	1.1.00.30	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.1.66	Trust: 0.8
vendor:	netgear	model:	r6020	scope:	eq	version:	1.0.0.34	Trust: 0.8
vendor:	netgear	model:	r6080	scope:	eq	version:	1.0.0.34	Trust: 0.8
vendor:	netgear	model:	r6120	scope:	eq	version:	1.0.0.44	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.68	Trust: 0.8
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.54	Trust: 0.8
vendor:	netgear	model:	wnr614	scope:	eq	version:	1.1.0.54	Trust: 0.8

sources: CNVD: CNVD-2020-30755 // JVNDB: JVNDB-2019-015426 // NVD: CVE-2019-20690

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-20690
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2019-20690
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-015426
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-30755
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1274
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-20690
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-20690
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2019-015426
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-30755
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-20690
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2019-20690
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2019-015426
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-30755 // VULMON: CVE-2019-20690 // JVNDB: JVNDB-2019-015426 // CNNVD: CNNVD-202004-1274 // NVD: CVE-2019-20690 // NVD: CVE-2019-20690

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-287	Trust: 0.8

sources: JVNDB: JVNDB-2019-015426 // NVD: CVE-2019-20690

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1274

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1274

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015426

PATCH

title:	Security Advisory for Authentication Bypass on Some Routers and Gateways, PSV-2018-0073	url:	https://kb.netgear.com/000061449/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2018-0073	Trust: 0.8
title:	Patch for Multiple NETGEAR product authorization issue vulnerabilities (CNVD-2020-30755)	url:	https://www.cnvd.org.cn/patchInfo/show/219527	Trust: 0.6
title:	Multiple NETGEAR Product Authorization Issue Vulnerability Fixing Measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116881	Trust: 0.6

sources: CNVD: CNVD-2020-30755 // JVNDB: JVNDB-2019-015426 // CNNVD: CNNVD-202004-1274

EXTERNAL IDS

db:	NVD	id:	CVE-2019-20690	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-015426	Trust: 0.8
db:	CNVD	id:	CNVD-2020-30755	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1274	Trust: 0.6
db:	VULMON	id:	CVE-2019-20690	Trust: 0.1

sources: CNVD: CNVD-2020-30755 // VULMON: CVE-2019-20690 // JVNDB: JVNDB-2019-015426 // CNNVD: CNNVD-202004-1274 // NVD: CVE-2019-20690

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-20690	Trust: 2.0
url:	https://kb.netgear.com/000061449/security-advisory-for-authentication-bypass-on-some-routers-and-gateways-psv-2018-0073	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20690	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-30755 // VULMON: CVE-2019-20690 // JVNDB: JVNDB-2019-015426 // CNNVD: CNNVD-202004-1274 // NVD: CVE-2019-20690

CREDITS

Cyriac

Trust: 0.6

sources: CNNVD: CNNVD-202004-1274

SOURCES

db:	CNVD	id:	CNVD-2020-30755
db:	VULMON	id:	CVE-2019-20690
db:	JVNDB	id:	JVNDB-2019-015426
db:	CNNVD	id:	CNNVD-202004-1274
db:	NVD	id:	CVE-2019-20690

LAST UPDATE DATE

2024-11-23T23:11:27.427000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-30755	date:	2020-05-29T00:00:00
db:	VULMON	id:	CVE-2019-20690	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-015426	date:	2020-05-19T00:00:00
db:	CNNVD	id:	CNNVD-202004-1274	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-20690	date:	2024-11-21T04:39:05.540

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-30755	date:	2020-05-29T00:00:00
db:	VULMON	id:	CVE-2019-20690	date:	2020-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-015426	date:	2020-05-19T00:00:00
db:	CNNVD	id:	CNNVD-202004-1274	date:	2020-04-16T00:00:00
db:	NVD	id:	CVE-2019-20690	date:	2020-04-16T19:15:23.370