Sign-up

ID

VAR-202004-0903


CVE

CVE-2019-20694


TITLE

plural NETGEAR Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015396

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects GS728TP before 6.0.0.48, GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48. NETGEAR GS728TPP and so on are all a kind of switchboard of NETGEAR company

Trust: 2.16

sources: NVD: CVE-2019-20694 // JVNDB: JVNDB-2019-015396 // CNVD: CNVD-2020-30759

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-30759

AFFECTED PRODUCTS

vendor:netgearmodel:gs752tppscope:ltversion:6.0.0.48

Trust: 1.6

vendor:netgearmodel:gs728tpscope:ltversion:6.0.0.48

Trust: 1.6

vendor:netgearmodel:gs752tpscope:ltversion:6.0.0.48

Trust: 1.0

vendor:netgearmodel:gs728tppscope:ltversion:6.0.0.48

Trust: 1.0

vendor:netgearmodel:gs728tpscope:eqversion:6.0.0.48

Trust: 0.8

vendor:netgearmodel:gs728tppscope:eqversion:6.0.0.48

Trust: 0.8

vendor:netgearmodel:gs752tpscope:eqversion:6.0.0.48

Trust: 0.8

vendor:netgearmodel:gs752tppscope:eqversion:6.0.0.48

Trust: 0.8

vendor:netgearmodel:gs728tppv2scope:ltversion:6.0.0.48

Trust: 0.6

vendor:netgearmodel:gs728tpv2scope:ltversion:6.0.0.48

Trust: 0.6

vendor:netgearmodel:gs752tpv2scope:ltversion:6.0.0.48

Trust: 0.6

sources: CNVD: CNVD-2020-30759 // JVNDB: JVNDB-2019-015396 // NVD: CVE-2019-20694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20694
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-20694
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015396
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-30759
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1278
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-20694
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015396
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-30759
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20694
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20694
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015396
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-30759 // JVNDB: JVNDB-2019-015396 // CNNVD: CNNVD-202004-1278 // NVD: CVE-2019-20694 // NVD: CVE-2019-20694

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-015396 // NVD: CVE-2019-20694

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1278

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1278

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015396

PATCH
title:Security Advisory for Sensitive Information Disclosure on Some Switches, PSV-2019-0059url:https://kb.netgear.com/000061235/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2019-0059
Trust: 0.8
title:Patch for Multiple NETGEAR product information disclosure vulnerabilities (CNVD-2020-30759)url:https://www.cnvd.org.cn/patchInfo/show/219503
Trust: 0.6
title:Multiple NETGEAR Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116549
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-30759 // 
            
            
            
            JVNDB: JVNDB-2019-015396 // 
            
            
            
            CNNVD: CNNVD-202004-1278

EXTERNAL IDS
db:NVDid:CVE-2019-20694
Trust: 3.0
db:JVNDBid:JVNDB-2019-015396
Trust: 0.8
db:CNVDid:CNVD-2020-30759
Trust: 0.6
db:CNNVDid:CNNVD-202004-1278
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-30759 // 
            
            
            
            JVNDB: JVNDB-2019-015396 // 
            
            
            
            CNNVD: CNNVD-202004-1278 // 
            
            
            
            NVD: CVE-2019-20694

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-20694
Trust: 2.0
url:https://kb.netgear.com/000061235/security-advisory-for-sensitive-information-disclosure-on-some-switches-psv-2019-0059
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20694
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-30759 // 
            
            
            
            JVNDB: JVNDB-2019-015396 // 
            
            
            
            CNNVD: CNNVD-202004-1278 // 
            
            
            
            NVD: CVE-2019-20694

CREDITS
thyphoon
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202004-1278

SOURCES
db:CNVDid:CNVD-2020-30759
db:JVNDBid:JVNDB-2019-015396
db:CNNVDid:CNNVD-202004-1278
db:NVDid:CVE-2019-20694

LAST UPDATE DATE
2024-11-23T23:07:59.173000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-30759date:2020-05-29T00:00:00
db:JVNDBid:JVNDB-2019-015396date:2020-05-14T00:00:00
db:CNNVDid:CNNVD-202004-1278date:2020-04-26T00:00:00
db:NVDid:CVE-2019-20694date:2024-11-21T04:39:06.157

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-30759date:2020-05-29T00:00:00
db:JVNDBid:JVNDB-2019-015396date:2020-05-14T00:00:00
db:CNNVDid:CNNVD-202004-1278date:2020-04-16T00:00:00
db:NVDid:CVE-2019-20694date:2020-04-16T19:15:23.603