CVE-2019-20682

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

CVSS v3.0 8.8 HIGH
CVSS v2.0 5.8 MEDIUM

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 6.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://kb.netgear.com/000061457/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0311	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*

Information

Published : 2020-04-16 12:15

Updated : 2020-04-22 07:03

NVD link : CVE-2019-20682

Mitre link : CVE-2019-20682

JSON object : View

CWE

CWE-787

Out-of-bounds Write

Products Affected

netgear

pr2000_firmware
d6200
r6700
r6120_firmware
r6220
d6000_firmware
r6260
d7000_firmware
jr6150_firmware
wnr2020_firmware
r6080
r6050
r6800
xr500_firmware
jr6150
r6020_firmware
r6020
pr2000
r6900
r6080_firmware
d7000
r6900_firmware
d3600
wnr2020
d6000
xr500
r6260_firmware
r6050_firmware
r6800_firmware
d6200_firmware
d3600_firmware
r6700_firmware
r6120
r6220_firmware

8.8 /10