CVE-2019-20747
6.8
Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 5.9
Source: NVD
Description
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.3.16, RAX120 before 1.0.0.74, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22, RBS20 before 2.3.0.22, RBK50 before 2.3.0.22, RBR50 before 2.3.0.22, RBS50 before 2.3.0.22, RBK40 before 2.3.0.22, RBS40 before 2.3.0.22, SRK60 before 2.2.0.64, SRR60 before 2.2.0.64, SRS60 before 2.2.0.64, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, and WNR2000v5 before 1.0.0.66.
Affected (23)
Products: Netgear: D6100 Firmware, D7800 Firmware, R7500 Firmware, R7800 Firmware, R8900 Firmware, R9000 Firmware, Rax120 Firmware, Rbk20 Firmware, Rbr20 Firmware, Rbs20 Firmware, Rbk50 Firmware, Rbr50 Firmware, Rbs50 Firmware, Rbk40 Firmware, Rbs40 Firmware, Srk60 Firmware, Srr60 Firmware, Srs60 Firmware, Wndr3700 Firmware, Wndr4300 Firmware, Wndr4500 Firmware, Wnr2000 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.0.58 |
| Running on/with | Platform Versions |
|---|---|
Netgear D6100 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.1.40 |
| Running on/with | Platform Versions |
|---|---|
Netgear D7800 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.3.34 |
| Running on/with | Platform Versions |
|---|---|
Netgear R7500 | Version v2 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.2.52 |
| Running on/with | Platform Versions |
|---|---|
Netgear R7800 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.4.2 |
| Running on/with | Platform Versions |
|---|---|
Netgear R8900 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.3.16 |
| Running on/with | Platform Versions |
|---|---|
Netgear R9000 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.0.74 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax120 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.3.0.22 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rbk20 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.3.0.22 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rbr20 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.3.0.22 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rbs20 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.3.0.22 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rbk50 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.3.0.22 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rbr50 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.3.0.22 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rbs50 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.3.0.22 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rbk40 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.3.0.22 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rbs40 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.2.0.64 |
| Running on/with | Platform Versions |
|---|---|
Netgear Srk60 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.2.0.64 |
| Running on/with | Platform Versions |
|---|---|
Netgear Srr60 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.2.0.64 |
| Running on/with | Platform Versions |
|---|---|
Netgear Srs60 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.2.102 |
| Running on/with | Platform Versions |
|---|---|
Netgear Wndr3700 | Version v4 |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.2.104 |
| Running on/with | Platform Versions |
|---|---|
Netgear Wndr4300 | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.0.56 |
| Running on/with | Platform Versions |
|---|---|
Netgear Wndr4300 | Version v2 |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.0.56 |
| Running on/with | Platform Versions |
|---|---|
Netgear Wndr4500 | Version v3 |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.0.66 |
| Running on/with | Platform Versions |
|---|---|
Netgear Wnr2000 | Version v5 |
References (2)
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.