Details of VAR-202005-0487

ID

VAR-202005-0487

CVE

CVE-2020-13245

TITLE

plural NETGEAR Certificate validation vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-005897

DESCRIPTION

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P. NETGEAR R7000 is a wireless router of NETGEAR. Attackers can use this vulnerability to send malicious firmware updates to routers by implementing man-in-the-middle attacks

Trust: 2.16

sources: NVD: CVE-2020-13245 // JVNDB: JVNDB-2020-005897 // CNVD: CNVD-2020-30829

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-30829

AFFECTED PRODUCTS

vendor:	netgear	model:	r6800	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	r6220	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	xr300	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	rax120	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	r6120	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	rax120	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	rbr20	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	rbr20	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	r7800	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	xr500	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	r6120	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	xr300	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	r6850	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	r6350	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	r6800	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	xr500	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	r6850	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	r6350	scope:	lte	version:	v1.0.11.100_10.2.100	Trust: 1.0
vendor:	netgear	model:	r6220	scope:	gte	version:	v1.0.9.6_1.2.19	Trust: 1.0
vendor:	netgear	model:	r6120	scope:	eq	version:	1.0.9.6_1.2.19 から 1.0.11.100_10.2.10	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	1.0.9.6_1.2.19 から 1.0.11.100_10.2.10	Trust: 0.8
vendor:	netgear	model:	r6350	scope:	eq	version:	1.0.9.6_1.2.19 から 1.0.11.100_10.2.10	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	eq	version:	1.0.9.6_1.2.19 から 1.0.11.100_10.2.10	Trust: 0.8
vendor:	netgear	model:	r6800	scope:	eq	version:	1.0.9.6_1.2.19 から 1.0.11.100_10.2.10	Trust: 0.8
vendor:	netgear	model:	r6850	scope:	eq	version:	1.0.9.6_1.2.19 から 1.0.11.100_10.2.10	Trust: 0.8
vendor:	netgear	model:	r7000p	scope:	eq	version:	1.0.9.6_1.2.19 から 1.0.11.100_10.2.10	Trust: 0.8
vendor:	netgear	model:	r7800	scope:	eq	version:	1.0.9.6_1.2.19 から 1.0.11.100_10.2.10	Trust: 0.8
vendor:	netgear	model:	r8000	scope:	eq	version:	1.0.9.6_1.2.19 から 1.0.11.100_10.2.10	Trust: 0.8
vendor:	netgear	model:	r9000	scope:	eq	version:	1.0.9.6_1.2.19 から 1.0.11.100_10.2.10	Trust: 0.8
vendor:	netgear	model:	r6400	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r7000p	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r8000	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r6350	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	xr300	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	r6850	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	xr500	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-30829 // JVNDB: JVNDB-2020-005897 // NVD: CVE-2020-13245

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-13245
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-005897
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-30829
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202005-1394
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-13245
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-005897
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-30829
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-13245
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005897
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-30829 // JVNDB: JVNDB-2020-005897 // CNNVD: CNNVD-202005-1394 // NVD: CVE-2020-13245

PROBLEMTYPE DATA

problemtype:

CWE-295

Trust: 1.8

sources: JVNDB: JVNDB-2020-005897 // NVD: CVE-2020-13245

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1394

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202005-1394

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005897

PATCH

title:	Top Page	url:	https://www.netgear.com/	Trust: 0.8
title:	Patch for NETGEAR man-in-the-middle vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/219613	Trust: 0.6
title:	Multiple NETGEAR Repair measures for product trust management problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123121	Trust: 0.6

sources: CNVD: CNVD-2020-30829 // JVNDB: JVNDB-2020-005897 // CNNVD: CNNVD-202005-1394

EXTERNAL IDS

db:	NVD	id:	CVE-2020-13245	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-005897	Trust: 0.8
db:	CNVD	id:	CNVD-2020-30829	Trust: 0.6
db:	CNNVD	id:	CNNVD-202005-1394	Trust: 0.6

sources: CNVD: CNVD-2020-30829 // JVNDB: JVNDB-2020-005897 // CNNVD: CNNVD-202005-1394 // NVD: CVE-2020-13245

REFERENCES

url:	https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/	Trust: 2.4
url:	https://www.netgear.com/about/security/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13245	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13245	Trust: 0.8

sources: JVNDB: JVNDB-2020-005897 // CNNVD: CNNVD-202005-1394 // NVD: CVE-2020-13245

SOURCES

db:	CNVD	id:	CNVD-2020-30829
db:	JVNDB	id:	JVNDB-2020-005897
db:	CNNVD	id:	CNNVD-202005-1394
db:	NVD	id:	CVE-2020-13245

LAST UPDATE DATE

2024-11-23T22:21:11.577000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-30829	date:	2020-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2020-005897	date:	2020-06-24T00:00:00
db:	CNNVD	id:	CNNVD-202005-1394	date:	2020-07-06T00:00:00
db:	NVD	id:	CVE-2020-13245	date:	2024-11-21T05:00:51.973

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-30829	date:	2020-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2020-005897	date:	2020-06-24T00:00:00
db:	CNNVD	id:	CNNVD-202005-1394	date:	2020-05-28T00:00:00
db:	NVD	id:	CVE-2020-13245	date:	2020-05-28T19:15:10.830