CVE-2019-20699

Published: Apr 16, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, and GSS108EPP before 1.0.0.15.

Affected (7)

Products: Netgear: Gs105e Firmware, Gs105pe Firmware, Gs408epp Firmware, Gs808e Firmware, Gs908e Firmware, Gss108e Firmware, Gss108epp Firmware

7 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs105e Firmware	Before 1.6.0.4

Running on/with	Platform Versions
Netgear Gs105e	Version v2

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs105pe Firmware	Before 1.6.0.4

Running on/with	Platform Versions
Netgear Gs105pe	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs408epp Firmware	Before 1.0.0.15

Running on/with	Platform Versions
Netgear Gs408epp	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs808e Firmware	Before 1.7.0.7

Running on/with	Platform Versions
Netgear Gs808e	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gs908e Firmware	Before 1.7.0.3

Running on/with	Platform Versions
Netgear Gs908e	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gss108e Firmware	Before 1.6.0.4

Running on/with	Platform Versions
Netgear Gss108e	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Gss108epp Firmware	Before 1.0.0.15

Running on/with	Platform Versions
Netgear Gss108epp	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://kb.netgear.com/000061230/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Switches-PSV-2018-0538

Source: cve@mitre.org

Vendor Advisory

https://kb.netgear.com/000061230/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Switches-PSV-2018-0538

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.