Details of VAR-202012-1178

ID

VAR-202012-1178

CVE

CVE-2020-35803

TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-014995

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.46, R6080 before 1.0.0.46, R6120 before 1.0.0.72, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.74, R6800 before 1.2.0.74, R6900v2 before 1.2.0.74, R7450 before 1.2.0.74, AC2100 before 1.2.0.74, AC2400 before 1.2.0.74, and AC2600 before 1.2.0.74. plural NETGEAR An unspecified vulnerability exists in the device.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-35803 // JVNDB: JVNDB-2020-014995

AFFECTED PRODUCTS

vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.46	Trust: 1.0
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.72	Trust: 1.0
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.100	Trust: 1.0
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.74	Trust: 1.0
vendor:	netgear	model:	ac2100	scope:	lt	version:	1.2.0.74	Trust: 1.0
vendor:	netgear	model:	r7450	scope:	lt	version:	1.2.0.74	Trust: 1.0
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.46	Trust: 1.0
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.74	Trust: 1.0
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.78	Trust: 1.0
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.74	Trust: 1.0
vendor:	netgear	model:	r6230	scope:	lt	version:	1.1.0.100	Trust: 1.0
vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.76	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.40	Trust: 1.0
vendor:	netgear	model:	ac2600	scope:	lt	version:	1.2.0.74	Trust: 1.0
vendor:	netgear	model:	ac2400	scope:	lt	version:	1.2.0.74	Trust: 1.0
vendor:	ネットギア	model:	r6260	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6700v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6120	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6230	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6020	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6080	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6220	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6200	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-014995 // NVD: CVE-2020-35803

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35803
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2020-35803
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-35803
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202012-1737
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-35803
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-35803
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-014995
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-014995 // CNNVD: CNNVD-202012-1737 // NVD: CVE-2020-35803 // NVD: CVE-2020-35803

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014995 // NVD: CVE-2020-35803

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1737

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202012-1737

PATCH

title:	Security Advisory for Sensitive Information Disclosure on Some Routers, PSV-2019-0110	url:	https://kb.netgear.com/000062732/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2019-0110	Trust: 0.8
title:	Certain NETGEAR devices Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138118	Trust: 0.6

sources: JVNDB: JVNDB-2020-014995 // CNNVD: CNNVD-202012-1737

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35803	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-014995	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-1737	Trust: 0.6

sources: JVNDB: JVNDB-2020-014995 // CNNVD: CNNVD-202012-1737 // NVD: CVE-2020-35803

REFERENCES

url:	https://kb.netgear.com/000062732/security-advisory-for-sensitive-information-disclosure-on-some-routers-psv-2019-0110	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35803	Trust: 1.4

sources: JVNDB: JVNDB-2020-014995 // CNNVD: CNNVD-202012-1737 // NVD: CVE-2020-35803

SOURCES

db:	JVNDB	id:	JVNDB-2020-014995
db:	CNNVD	id:	CNNVD-202012-1737
db:	NVD	id:	CVE-2020-35803

LAST UPDATE DATE

2024-11-23T22:44:18.903000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-014995	date:	2021-09-07T08:54:00
db:	CNNVD	id:	CNNVD-202012-1737	date:	2021-01-12T00:00:00
db:	NVD	id:	CVE-2020-35803	date:	2024-11-21T05:28:09.357

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-014995	date:	2021-09-07T00:00:00
db:	CNNVD	id:	CNNVD-202012-1737	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-35803	date:	2020-12-30T00:15:14.567