Sign-up

ID

VAR-202004-0904


CVE

CVE-2019-20695


TITLE

plural NETGEAR Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015328

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects SRK60 before 2.3.5.106, SRR60 before 2.3.5.106, and SRS60 before 2.3.5.106. NETGEAR SRK60 and NETGEAR SRR60 are both wireless routers of NETGEAR

Trust: 2.16

sources: NVD: CVE-2019-20695 // JVNDB: JVNDB-2019-015328 // CNVD: CNVD-2020-27429

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27429

AFFECTED PRODUCTS

vendor:netgearmodel:srk60scope:ltversion:2.3.5.106

Trust: 1.6

vendor:netgearmodel:srr60scope:ltversion:2.3.5.106

Trust: 1.6

vendor:netgearmodel:srs60scope:ltversion:2.3.5.106

Trust: 1.6

vendor:netgearmodel:srk60scope:eqversion:2.3.5.106

Trust: 0.8

vendor:netgearmodel:srr60scope:eqversion:2.3.5.106

Trust: 0.8

vendor:netgearmodel:srs60scope:eqversion:2.3.5.106

Trust: 0.8

sources: CNVD: CNVD-2020-27429 // JVNDB: JVNDB-2019-015328 // NVD: CVE-2019-20695

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20695
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-20695
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-015328
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27429
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1279
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-20695
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015328
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27429
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20695
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20695
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 5.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015328
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27429 // JVNDB: JVNDB-2019-015328 // CNNVD: CNNVD-202004-1279 // NVD: CVE-2019-20695 // NVD: CVE-2019-20695

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-015328 // NVD: CVE-2019-20695

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1279

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1279

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015328

PATCH
title:Security Advisory for Sensitive Information Disclosure on Orbi Pro WiFi System, PSV-2019-0158url:https://kb.netgear.com/000061234/Security-Advisory-for-Sensitive-Information-Disclosure-on-Orbi-Pro-WiFi-System-PSV-2019-0158
Trust: 0.8
title:Patch for NETGEAR SRK60, SRR6 and SRS60 information disclosure vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/216965
Trust: 0.6
title:NETGEAR SRK60 , SRR6  and SRS60 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116550
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-27429 // 
            
            
            
            JVNDB: JVNDB-2019-015328 // 
            
            
            
            CNNVD: CNNVD-202004-1279

EXTERNAL IDS
db:NVDid:CVE-2019-20695
Trust: 3.0
db:JVNDBid:JVNDB-2019-015328
Trust: 0.8
db:CNVDid:CNVD-2020-27429
Trust: 0.6
db:CNNVDid:CNNVD-202004-1279
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-27429 // 
            
            
            
            JVNDB: JVNDB-2019-015328 // 
            
            
            
            CNNVD: CNNVD-202004-1279 // 
            
            
            
            NVD: CVE-2019-20695

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-20695
Trust: 2.0
url:https://kb.netgear.com/000061234/security-advisory-for-sensitive-information-disclosure-on-orbi-pro-wifi-system-psv-2019-0158
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20695
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-27429 // 
            
            
            
            JVNDB: JVNDB-2019-015328 // 
            
            
            
            CNNVD: CNNVD-202004-1279 // 
            
            
            
            NVD: CVE-2019-20695

CREDITS
philborch
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202004-1279

SOURCES
db:CNVDid:CNVD-2020-27429
db:JVNDBid:JVNDB-2019-015328
db:CNNVDid:CNNVD-202004-1279
db:NVDid:CVE-2019-20695

LAST UPDATE DATE
2024-11-23T22:16:30.928000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-27429date:2020-05-09T00:00:00
db:JVNDBid:JVNDB-2019-015328date:2020-05-12T00:00:00
db:CNNVDid:CNNVD-202004-1279date:2020-04-26T00:00:00
db:NVDid:CVE-2019-20695date:2024-11-21T04:39:06.300

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-27429date:2020-05-09T00:00:00
db:JVNDBid:JVNDB-2019-015328date:2020-05-12T00:00:00
db:CNNVDid:CNNVD-202004-1279date:2020-04-16T00:00:00
db:NVDid:CVE-2019-20695date:2020-04-16T19:15:23.650