Details of VAR-202004-0941

ID

VAR-202004-0941

CVE

CVE-2019-20676

TITLE

plural NETGEAR Vulnerability in lack of authentication on device

Trust: 0.8

sources: JVNDB: JVNDB-2019-015469

DESCRIPTION

Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. plural NETGEAR The device contains a vulnerability related to lack of authentication.Information may be obtained and tampered with. NETGEAR GS105E, etc. are all a kind of switchboard of NETGEAR. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2019-20676 // JVNDB: JVNDB-2019-015469 // CNVD: CNVD-2020-24418

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-24418

AFFECTED PRODUCTS

vendor:	netgear	model:	fs728tlp	scope:	lt	version:	1.0.1.26	Trust: 1.6
vendor:	netgear	model:	gs105pe	scope:	lt	version:	1.6.0.4	Trust: 1.6
vendor:	netgear	model:	gs110emx	scope:	lt	version:	1.0.1.4	Trust: 1.6
vendor:	netgear	model:	gs408epp	scope:	lt	version:	1.0.0.15	Trust: 1.6
vendor:	netgear	model:	gs808e	scope:	lt	version:	1.7.0.7	Trust: 1.6
vendor:	netgear	model:	gs810emx	scope:	lt	version:	1.7.1.1	Trust: 1.6
vendor:	netgear	model:	gs908e	scope:	lt	version:	1.7.0.3	Trust: 1.6
vendor:	netgear	model:	gss108e	scope:	lt	version:	1.6.0.4	Trust: 1.6
vendor:	netgear	model:	gss108epp	scope:	lt	version:	1.0.0.15	Trust: 1.6
vendor:	netgear	model:	gss116e	scope:	lt	version:	1.6.0.9	Trust: 1.6
vendor:	netgear	model:	jgs516pe	scope:	lt	version:	2.6.0.35	Trust: 1.6
vendor:	netgear	model:	jgs524pe	scope:	lt	version:	2.6.0.35	Trust: 1.6
vendor:	netgear	model:	xs512em	scope:	lt	version:	1.0.1.1	Trust: 1.6
vendor:	netgear	model:	xs716e	scope:	lt	version:	1.6.0.23	Trust: 1.6
vendor:	netgear	model:	xs724em	scope:	lt	version:	1.0.1.1	Trust: 1.6
vendor:	netgear	model:	gs724tp	scope:	lt	version:	1.1.1.29	Trust: 1.0
vendor:	netgear	model:	gs116e	scope:	lt	version:	2.6.0.35	Trust: 1.0
vendor:	netgear	model:	gs108pe	scope:	lt	version:	2.06.08	Trust: 1.0
vendor:	netgear	model:	xs708e	scope:	lt	version:	1.6.0.23	Trust: 1.0
vendor:	netgear	model:	gs105e	scope:	lt	version:	1.6.0.4	Trust: 1.0
vendor:	netgear	model:	gs108e	scope:	lt	version:	2.06.08	Trust: 1.0
vendor:	netgear	model:	jgs524e	scope:	lt	version:	2.6.0.35	Trust: 1.0
vendor:	netgear	model:	fs728tlp	scope:	eq	version:	1.0.1.26	Trust: 0.8
vendor:	netgear	model:	gs105e	scope:	eq	version:	1.6.0.4	Trust: 0.8
vendor:	netgear	model:	gs105pe prosafe plus switch	scope:	eq	version:	1.6.0.4	Trust: 0.8
vendor:	netgear	model:	gs108e	scope:	eq	version:	2.06.08	Trust: 0.8
vendor:	netgear	model:	gs108pe prosafe plus switch	scope:	eq	version:	2.06.08	Trust: 0.8
vendor:	netgear	model:	gs110emx	scope:	eq	version:	1.0.1.4	Trust: 0.8
vendor:	netgear	model:	gs116e	scope:	eq	version:	2.6.0.35	Trust: 0.8
vendor:	netgear	model:	gs408epp	scope:	eq	version:	1.0.0.15	Trust: 0.8
vendor:	netgear	model:	gs724tp	scope:	eq	version:	1.1.1.29	Trust: 0.8
vendor:	netgear	model:	gs808e	scope:	eq	version:	1.7.0.7	Trust: 0.8
vendor:	netgear	model:	gs105ev2	scope:	lt	version:	1.6.0.4	Trust: 0.6
vendor:	netgear	model:	gs108ev3	scope:	lt	version:	2.06.08	Trust: 0.6
vendor:	netgear	model:	gs108pev3	scope:	lt	version:	2.06.08	Trust: 0.6
vendor:	netgear	model:	gs116ev2	scope:	lt	version:	2.6.0.35	Trust: 0.6
vendor:	netgear	model:	gs724tpv2	scope:	lt	version:	1.1.1.29	Trust: 0.6
vendor:	netgear	model:	jgs524ev2	scope:	lt	version:	2.6.0.35	Trust: 0.6
vendor:	netgear	model:	xs708ev2	scope:	lt	version:	1.6.0.23	Trust: 0.6

sources: CNVD: CNVD-2020-24418 // JVNDB: JVNDB-2019-015469 // NVD: CVE-2019-20676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-20676
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2019-20676
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2019-015469
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-24418
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-1210
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-20676
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-015469
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-24418
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-20676
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	5.2
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2019-20676
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	5.2
version:	3.0
Trust: 1.0
NVD:	JVNDB-2019-015469
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-24418 // JVNDB: JVNDB-2019-015469 // CNNVD: CNNVD-202004-1210 // NVD: CVE-2019-20676 // NVD: CVE-2019-20676

PROBLEMTYPE DATA

problemtype:

CWE-862

Trust: 1.8

sources: JVNDB: JVNDB-2019-015469 // NVD: CVE-2019-20676

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1210

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015469

PATCH

title:	Security Advisory for Missing Function Level Access Control on Some Switches, PSV-2018-0542	url:	https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542	Trust: 0.8
title:	Patch for Multiple NETGEAR product access control error vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/215173	Trust: 0.6
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116089	Trust: 0.6

sources: CNVD: CNVD-2020-24418 // JVNDB: JVNDB-2019-015469 // CNNVD: CNNVD-202004-1210

EXTERNAL IDS

db:	NVD	id:	CVE-2019-20676	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-015469	Trust: 0.8
db:	CNVD	id:	CNVD-2020-24418	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-1210	Trust: 0.6

sources: CNVD: CNVD-2020-24418 // JVNDB: JVNDB-2019-015469 // CNNVD: CNNVD-202004-1210 // NVD: CVE-2019-20676

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-20676	Trust: 2.0
url:	https://kb.netgear.com/000061463/security-advisory-for-missing-function-level-access-control-on-some-switches-psv-2018-0542	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20676	Trust: 0.8

sources: CNVD: CNVD-2020-24418 // JVNDB: JVNDB-2019-015469 // CNNVD: CNNVD-202004-1210 // NVD: CVE-2019-20676

SOURCES

db:	CNVD	id:	CNVD-2020-24418
db:	JVNDB	id:	JVNDB-2019-015469
db:	CNNVD	id:	CNNVD-202004-1210
db:	NVD	id:	CVE-2019-20676

LAST UPDATE DATE

2024-11-23T23:11:27.368000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-24418	date:	2020-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-015469	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1210	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2019-20676	date:	2024-11-21T04:39:03.200

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-24418	date:	2020-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-015469	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1210	date:	2020-04-15T00:00:00
db:	NVD	id:	CVE-2019-20676	date:	2020-04-15T20:15:14.333