Details of VAR-202004-0920

ID

VAR-202004-0920

CVE

CVE-2019-20686

TITLE

plural NETGEAR Classic buffer overflow vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2019-015425

DESCRIPTION

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.40, R6080 before 1.0.0.40, R6050 before 1.0.1.18, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, and WNR2020 before 1.1.0.62. plural NETGEAR A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR D6200, etc. are all products of NETGEAR. NETGEAR D6200 is a wireless modem. NETGEAR D7000 is a wireless modem. NETGEAR WNR2020 is a wireless router. The vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in incorrect read and write operations to other associated memory locations. This affects D6200 prior to 1.1.00.36, D7000 prior to 1.0.1.74, JR6150 prior to 1.0.1.18, PR2000 prior to 1.0.0.28, R6020 prior to 1.0.0.40, R6080 prior to 1.0.0.40, R6050 prior to 1.0.1.18, R6120 prior to 1.0.0.48, R6220 prior to 1.1.0.86, R6260 prior to 1.1.0.64, R6700v2 prior to 1.2.0.36, R6800 prior to 1.2.0.36, R6900v2 prior to 1.2.0.36, and WNR2020 prior to 1.1.0.62

Trust: 2.25

sources: NVD: CVE-2019-20686 // JVNDB: JVNDB-2019-015425 // CNVD: CNVD-2021-57175 // VULMON: CVE-2019-20686

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-57175

AFFECTED PRODUCTS

vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.18	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.28	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.18	Trust: 1.6
vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.64	Trust: 1.6
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.36	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.62	Trust: 1.6
vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.36	Trust: 1.6
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.74	Trust: 1.6
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.48	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.86	Trust: 1.6
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.40	Trust: 1.6
vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.40	Trust: 1.6
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.36	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.36	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	eq	version:	1.1.00.36	Trust: 0.8
vendor:	netgear	model:	d7000	scope:	eq	version:	1.0.1.74	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.18	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.28	Trust: 0.8
vendor:	netgear	model:	r6020	scope:	eq	version:	1.0.0.40	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.18	Trust: 0.8
vendor:	netgear	model:	r6080	scope:	eq	version:	1.0.0.40	Trust: 0.8
vendor:	netgear	model:	r6120	scope:	eq	version:	1.0.0.48	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.86	Trust: 0.8
vendor:	netgear	model:	r6260	scope:	eq	version:	1.1.0.64	Trust: 0.8
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.36	Trust: 0.6
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.36	Trust: 0.6

sources: CNVD: CNVD-2021-57175 // JVNDB: JVNDB-2019-015425 // NVD: CVE-2019-20686

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-20686
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2019-20686
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-015425
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-57175
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-1270
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-20686
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-20686
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2019-015425
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-57175
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-20686
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2019-20686
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2019-015425
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-57175 // VULMON: CVE-2019-20686 // JVNDB: JVNDB-2019-015425 // CNNVD: CNNVD-202004-1270 // NVD: CVE-2019-20686 // NVD: CVE-2019-20686

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-015425 // NVD: CVE-2019-20686

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1270

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1270

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015425

PATCH

title:	Security Advisory for Pre-Authentication Buffer Overflow on Some Routers, Gateways, and Extenders, PSV-2018-0239	url:	https://kb.netgear.com/000061453/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0239	Trust: 0.8
title:	Patch for NETGEAR buffer overflow vulnerability (CNVD-2021-57175)	url:	https://www.cnvd.org.cn/patchInfo/show/283656	Trust: 0.6
title:	Multiple NETGEAR Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114769	Trust: 0.6

sources: CNVD: CNVD-2021-57175 // JVNDB: JVNDB-2019-015425 // CNNVD: CNNVD-202004-1270

EXTERNAL IDS

db:	NVD	id:	CVE-2019-20686	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-015425	Trust: 0.8
db:	CNVD	id:	CNVD-2021-57175	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1270	Trust: 0.6
db:	VULMON	id:	CVE-2019-20686	Trust: 0.1

sources: CNVD: CNVD-2021-57175 // VULMON: CVE-2019-20686 // JVNDB: JVNDB-2019-015425 // CNNVD: CNNVD-202004-1270 // NVD: CVE-2019-20686

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-20686	Trust: 2.0
url:	https://kb.netgear.com/000061453/security-advisory-for-pre-authentication-buffer-overflow-on-some-routers-gateways-and-extenders-psv-2018-0239	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20686	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-57175 // VULMON: CVE-2019-20686 // JVNDB: JVNDB-2019-015425 // CNNVD: CNNVD-202004-1270 // NVD: CVE-2019-20686

CREDITS

suer

Trust: 0.6

sources: CNNVD: CNNVD-202004-1270

SOURCES

db:	CNVD	id:	CNVD-2021-57175
db:	VULMON	id:	CVE-2019-20686
db:	JVNDB	id:	JVNDB-2019-015425
db:	CNNVD	id:	CNNVD-202004-1270
db:	NVD	id:	CVE-2019-20686

LAST UPDATE DATE

2024-11-23T23:11:27.395000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-57175	date:	2021-07-31T00:00:00
db:	VULMON	id:	CVE-2019-20686	date:	2020-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-015425	date:	2020-05-19T00:00:00
db:	CNNVD	id:	CNNVD-202004-1270	date:	2020-04-26T00:00:00
db:	NVD	id:	CVE-2019-20686	date:	2024-11-21T04:39:04.873

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-57175	date:	2020-07-31T00:00:00
db:	VULMON	id:	CVE-2019-20686	date:	2020-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-015425	date:	2020-05-19T00:00:00
db:	CNNVD	id:	CNNVD-202004-1270	date:	2020-04-16T00:00:00
db:	NVD	id:	CVE-2019-20686	date:	2020-04-16T19:15:23.120