Details of VAR-202004-0915

ID

VAR-202004-0915

CVE

CVE-2019-20681

TITLE

plural NETGEAR Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015471

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36. plural NETGEAR There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6200, etc. are all products of NETGEAR. NETGEAR D6200 is a wireless modem. NETGEAR JR6150 is a wireless router. NETGEAR PR2000 is a wireless router

Trust: 2.16

sources: NVD: CVE-2019-20681 // JVNDB: JVNDB-2019-015471 // CNVD: CNVD-2020-24423

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-24423

AFFECTED PRODUCTS

vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.34	Trust: 1.6
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.68	Trust: 1.6
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.18	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.28	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.18	Trust: 1.6
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.46	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.80	Trust: 1.6
vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.64	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.36	Trust: 1.6
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.36	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.36	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	eq	version:	1.1.00.34	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.1.68	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.18	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.28	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.18	Trust: 0.8
vendor:	netgear	model:	r6120	scope:	eq	version:	1.0.0.46	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.80	Trust: 0.8
vendor:	netgear	model:	r6260	scope:	eq	version:	1.1.0.64	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	eq	version:	1.2.0.36	Trust: 0.8
vendor:	netgear	model:	r6800	scope:	eq	version:	1.2.0.36	Trust: 0.8
vendor:	netgear	model:	r6700	scope:	lt	version:	21.2.0.36	Trust: 0.6
vendor:	netgear	model:	r6900	scope:	lt	version:	21.2.0.36	Trust: 0.6

sources: CNVD: CNVD-2020-24423 // JVNDB: JVNDB-2019-015471 // NVD: CVE-2019-20681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-20681
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2019-20681
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-015471
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-24423
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1205
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-20681
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-015471
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-24423
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-20681
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2019-20681
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	4.2
version:	3.0
Trust: 1.0
NVD:	JVNDB-2019-015471
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-24423 // JVNDB: JVNDB-2019-015471 // CNNVD: CNNVD-202004-1205 // NVD: CVE-2019-20681 // NVD: CVE-2019-20681

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-287	Trust: 0.8

sources: JVNDB: JVNDB-2019-015471 // NVD: CVE-2019-20681

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1205

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015471

PATCH

title:	Security Advisory for Authentication Bypass on Some Routers and Gateways, PSV-2018-0346	url:	https://kb.netgear.com/000061458/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2018-0346	Trust: 0.8
title:	Patch for Multiple NETGEAR product authentication bypass vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/215149	Trust: 0.6
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116084	Trust: 0.6

sources: CNVD: CNVD-2020-24423 // JVNDB: JVNDB-2019-015471 // CNNVD: CNNVD-202004-1205

EXTERNAL IDS

db:	NVD	id:	CVE-2019-20681	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-015471	Trust: 0.8
db:	CNVD	id:	CNVD-2020-24423	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1205	Trust: 0.6

sources: CNVD: CNVD-2020-24423 // JVNDB: JVNDB-2019-015471 // CNNVD: CNNVD-202004-1205 // NVD: CVE-2019-20681

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-20681	Trust: 2.0
url:	https://kb.netgear.com/000061458/security-advisory-for-authentication-bypass-on-some-routers-and-gateways-psv-2018-0346	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20681	Trust: 0.8

sources: CNVD: CNVD-2020-24423 // JVNDB: JVNDB-2019-015471 // CNNVD: CNNVD-202004-1205 // NVD: CVE-2019-20681

SOURCES

db:	CNVD	id:	CNVD-2020-24423
db:	JVNDB	id:	JVNDB-2019-015471
db:	CNNVD	id:	CNNVD-202004-1205
db:	NVD	id:	CVE-2019-20681

LAST UPDATE DATE

2024-11-23T21:51:35.063000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-24423	date:	2020-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-015471	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1205	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2019-20681	date:	2024-11-21T04:39:03.980

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-24423	date:	2020-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-015471	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1205	date:	2020-04-15T00:00:00
db:	NVD	id:	CVE-2019-20681	date:	2020-04-15T20:15:14.660