ID

VAR-202004-0900


CVE

CVE-2019-20691


TITLE

Cross-site request forgery vulnerability in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015394

DESCRIPTION

Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54. A cross-site request forgery vulnerability exists in multiple NETGEAR devices. Information may be obtained and tampered with. The NETGEAR EX7000 and NETGEAR EX6200 are wireless network signal extenders; the NETGEAR D3600 is a wireless modem. The vulnerability stems from the fact that the web application does not fully verify whether the request comes from a trusted user. An attacker can use this vulnerability to send an unexpected request to the server through the affected client.

Trust: 2.16

sources: NVD: CVE-2019-20691 // JVNDB: JVNDB-2019-015394 // CNVD: CNVD-2020-30756

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-30756

AFFECTED PRODUCTS

vendor: netgear, model: ex3700, scope: lt, version: 1.0.0.70

Trust: 1.6

vendor: netgear, model: ex3800, scope: lt, version: 1.0.0.70

Trust: 1.6

vendor: netgear, model: ex6000, scope: lt, version: 1.0.0.30

Trust: 1.6

vendor: netgear, model: ex6100, scope: lt, version: 1.0.2.24

Trust: 1.6

vendor: netgear, model: ex6120, scope: lt, version: 1.0.0.40

Trust: 1.6

vendor: netgear, model: ex6130, scope: lt, version: 1.0.0.22

Trust: 1.6

vendor: netgear, model: ex6200, scope: lt, version: 1.0.3.88

Trust: 1.6

vendor: netgear, model: ex7000, scope: lt, version: 1.0.0.66

Trust: 1.6

vendor: netgear, model: d3600, scope: lt, version: 1.0.0.72

Trust: 1.6

vendor: netgear, model: d6000, scope: lt, version: 1.0.0.72

Trust: 1.6

vendor: netgear, model: wn2500rp, scope: lt, version: 1.0.1.54

Trust: 1.0

vendor: netgear, model: ex6150, scope: lt, version: 1.0.0.42

Trust: 1.0

vendor: netgear, model: d3600, scope: eq, version: 1.0.0.72

Trust: 0.8

vendor: netgear, model: d6000, scope: eq, version: 1.0.0.72

Trust: 0.8

vendor: netgear, model: ex3700, scope: eq, version: 1.0.0.70

Trust: 0.8

vendor: netgear, model: ex3800, scope: eq, version: 1.0.0.70

Trust: 0.8

vendor: netgear, model: ex6000, scope: eq, version: 1.0.0.30

Trust: 0.8

vendor: netgear, model: ex6100, scope: eq, version: 1.0.2.24

Trust: 0.8

vendor: netgear, model: ex6120, scope: eq, version: 1.0.0.40

Trust: 0.8

vendor: netgear, model: ex6130, scope: eq, version: 1.0.0.22

Trust: 0.8

vendor: netgear, model: ex6150, scope: eq, version: 1.0.0.42

Trust: 0.8

vendor: netgear, model: ex6200, scope: eq, version: 1.0.3.88

Trust: 0.8

vendor: netgear, model: ex6150v1, scope: lt, version: 1.0.0.42

Trust: 0.6

vendor: netgear, model: wn2500rpv2, scope: lt, version: 1.0.1.54

Trust: 0.6

sources: CNVD: CNVD-2020-30756 // JVNDB: JVNDB-2019-015394 // NVD: CVE-2019-20691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20691
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-20691
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015394
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-30756
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1275
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-20691
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015394
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-30756
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20691
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20691
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 5.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015394
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-30756 // JVNDB: JVNDB-2019-015394 // CNNVD: CNNVD-202004-1275 // NVD: CVE-2019-20691 // NVD: CVE-2019-20691

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2019-015394 // NVD: CVE-2019-20691

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1275

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202004-1275

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015394

PATCH

title: Security Advisory for Cross Site Request Forgery on Some Gateways and Extenders, PSV-2017-2747
url: https://kb.netgear.com/000061448/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Gateways-and-Extenders-PSV-2017-2747

Trust: 0.8

title: Patch for Multiple NETGEAR products cross-site request forgery vulnerability (CNVD-2020-30756)
url: https://www.cnvd.org.cn/patchInfo/show/219513

Trust: 0.6

sources: CNVD: CNVD-2020-30756 // JVNDB: JVNDB-2019-015394

EXTERNAL IDS

db: NVD, id: CVE-2019-20691

Trust: 3.0

db: JVNDB, id: JVNDB-2019-015394

Trust: 0.8

db: CNVD, id: CNVD-2020-30756

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1275

Trust: 0.6

sources: CNVD: CNVD-2020-30756 // JVNDB: JVNDB-2019-015394 // CNNVD: CNNVD-202004-1275 // NVD: CVE-2019-20691

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-20691

Trust: 2.0

url:https://kb.netgear.com/000061448/security-advisory-for-cross-site-request-forgery-on-some-gateways-and-extenders-psv-2017-2747

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20691

Trust: 0.8

sources: CNVD: CNVD-2020-30756 // JVNDB: JVNDB-2019-015394 // CNNVD: CNNVD-202004-1275 // NVD: CVE-2019-20691

CREDITS

Niemand

Trust: 0.6

sources: CNNVD: CNNVD-202004-1275

SOURCES

db: CNVD, id: CNVD-2020-30756
db: JVNDB, id: JVNDB-2019-015394
db: CNNVD, id: CNNVD-202004-1275
db: NVD, id: CVE-2019-20691

LAST UPDATE DATE

2024-11-23T23:01:24.876000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-30756, date: 2020-05-29T00:00:00
db: JVNDB, id: JVNDB-2019-015394, date: 2020-05-14T00:00:00
db: CNNVD, id: CNNVD-202004-1275, date: 2020-04-26T00:00:00
db: NVD, id: CVE-2019-20691, date: 2024-11-21T04:39:05.687

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-30756, date: 2020-05-29T00:00:00
db: JVNDB, id: JVNDB-2019-015394, date: 2020-05-14T00:00:00
db: CNNVD, id: CNNVD-202004-1275, date: 2020-04-16T00:00:00
db: NVD, id: CVE-2019-20691, date: 2020-04-16T19:15:23.447