Details of VAR-202004-0923

ID

VAR-202004-0923

CVE

CVE-2019-20658

TITLE

plural NETGEAR Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015468

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. NETGEAR GS105E, etc. are all a kind of switchboard of NETGEAR

Trust: 2.16

sources: NVD: CVE-2019-20658 // JVNDB: JVNDB-2019-015468 // CNVD: CNVD-2020-27209

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-27209

AFFECTED PRODUCTS

vendor:	netgear	model:	fs728tlp	scope:	lt	version:	1.0.1.26	Trust: 1.6
vendor:	netgear	model:	gs105pe	scope:	lt	version:	1.6.0.4	Trust: 1.6
vendor:	netgear	model:	gs110emx	scope:	lt	version:	1.0.1.4	Trust: 1.6
vendor:	netgear	model:	gs408epp	scope:	lt	version:	1.0.0.15	Trust: 1.6
vendor:	netgear	model:	gs808e	scope:	lt	version:	1.7.0.7	Trust: 1.6
vendor:	netgear	model:	gs810emx	scope:	lt	version:	1.7.1.1	Trust: 1.6
vendor:	netgear	model:	gs908e	scope:	lt	version:	1.7.0.3	Trust: 1.6
vendor:	netgear	model:	gss108e	scope:	lt	version:	1.6.0.4	Trust: 1.6
vendor:	netgear	model:	gss108epp	scope:	lt	version:	1.0.0.15	Trust: 1.6
vendor:	netgear	model:	gss116e	scope:	lt	version:	1.6.0.9	Trust: 1.6
vendor:	netgear	model:	jgs516pe	scope:	lt	version:	2.6.0.35	Trust: 1.6
vendor:	netgear	model:	jgs524pe	scope:	lt	version:	2.6.0.35	Trust: 1.6
vendor:	netgear	model:	xs512em	scope:	lt	version:	1.0.1.1	Trust: 1.6
vendor:	netgear	model:	xs716e	scope:	lt	version:	1.6.0.23	Trust: 1.6
vendor:	netgear	model:	xs724em	scope:	lt	version:	1.0.1.1	Trust: 1.6
vendor:	netgear	model:	gs116e	scope:	lt	version:	2.6.0.35	Trust: 1.0
vendor:	netgear	model:	gs108pe	scope:	lt	version:	2.06.08	Trust: 1.0
vendor:	netgear	model:	xs708e	scope:	lt	version:	1.6.0.23	Trust: 1.0
vendor:	netgear	model:	gs105e	scope:	lt	version:	1.6.0.4	Trust: 1.0
vendor:	netgear	model:	gs108e	scope:	lt	version:	2.06.08	Trust: 1.0
vendor:	netgear	model:	jgs524e	scope:	lt	version:	2.6.0.35	Trust: 1.0
vendor:	netgear	model:	fs728tlp	scope:	eq	version:	1.0.1.26	Trust: 0.8
vendor:	netgear	model:	gs105e	scope:	eq	version:	1.6.0.4	Trust: 0.8
vendor:	netgear	model:	gs105pe prosafe plus switch	scope:	eq	version:	1.6.0.4	Trust: 0.8
vendor:	netgear	model:	gs108e	scope:	eq	version:	2.06.08	Trust: 0.8
vendor:	netgear	model:	gs108pe prosafe plus switch	scope:	eq	version:	2.06.08	Trust: 0.8
vendor:	netgear	model:	gs110emx	scope:	eq	version:	1.0.1.4	Trust: 0.8
vendor:	netgear	model:	gs116e	scope:	eq	version:	2.6.0.35	Trust: 0.8
vendor:	netgear	model:	gs408epp	scope:	eq	version:	1.0.0.15	Trust: 0.8
vendor:	netgear	model:	gs808e	scope:	eq	version:	1.7.0.7	Trust: 0.8
vendor:	netgear	model:	gs810emx	scope:	eq	version:	1.7.1.1	Trust: 0.8
vendor:	netgear	model:	gs105ev2	scope:	lt	version:	1.6.0.4	Trust: 0.6
vendor:	netgear	model:	gs108ev3	scope:	lt	version:	2.06.08	Trust: 0.6
vendor:	netgear	model:	gs108pev3	scope:	lt	version:	2.06.08	Trust: 0.6
vendor:	netgear	model:	gs116ev2	scope:	lt	version:	2.6.0.35	Trust: 0.6
vendor:	netgear	model:	jgs524ev2	scope:	lt	version:	2.6.0.35	Trust: 0.6
vendor:	netgear	model:	xs708ev2	scope:	lt	version:	1.6.0.23	Trust: 0.6

sources: CNVD: CNVD-2020-27209 // JVNDB: JVNDB-2019-015468 // NVD: CVE-2019-20658

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-20658
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2019-20658
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2019-015468
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-27209
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-1228
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-20658
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-015468
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-27209
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-20658
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2019-20658
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.0
Trust: 1.0
NVD:	JVNDB-2019-015468
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-27209 // JVNDB: JVNDB-2019-015468 // CNNVD: CNNVD-202004-1228 // NVD: CVE-2019-20658 // NVD: CVE-2019-20658

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2019-015468 // NVD: CVE-2019-20658

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1228

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015468

PATCH

title:	Security Advisory for Sensitive Information Disclosure on Some Switches, PSV-2018-0612	url:	https://kb.netgear.com/000061481/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2018-0612	Trust: 0.8
title:	Patch for Multiple NETGEAR product information disclosure vulnerabilities (CNVD-2020-27209)	url:	https://www.cnvd.org.cn/patchInfo/show/216869	Trust: 0.6
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116106	Trust: 0.6

sources: CNVD: CNVD-2020-27209 // JVNDB: JVNDB-2019-015468 // CNNVD: CNNVD-202004-1228

EXTERNAL IDS

db:	NVD	id:	CVE-2019-20658	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-015468	Trust: 0.8
db:	CNVD	id:	CNVD-2020-27209	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1228	Trust: 0.6

sources: CNVD: CNVD-2020-27209 // JVNDB: JVNDB-2019-015468 // CNNVD: CNNVD-202004-1228 // NVD: CVE-2019-20658

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-20658	Trust: 2.0
url:	https://kb.netgear.com/000061481/security-advisory-for-sensitive-information-disclosure-on-some-switches-psv-2018-0612	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20658	Trust: 0.8

sources: CNVD: CNVD-2020-27209 // JVNDB: JVNDB-2019-015468 // CNNVD: CNNVD-202004-1228 // NVD: CVE-2019-20658

SOURCES

db:	CNVD	id:	CNVD-2020-27209
db:	JVNDB	id:	JVNDB-2019-015468
db:	CNNVD	id:	CNNVD-202004-1228
db:	NVD	id:	CVE-2019-20658

LAST UPDATE DATE

2024-11-23T22:37:25.413000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-27209	date:	2020-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-015468	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1228	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2019-20658	date:	2024-11-21T04:38:59.387

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-27209	date:	2020-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-015468	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1228	date:	2020-04-15T00:00:00
db:	NVD	id:	CVE-2019-20658	date:	2020-04-15T19:15:13.253