CVE-2019-20755

Published: Apr 16, 2020Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6220 before 1.0.0.46, D6400 before 1.0.0.80, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v1 before 1.0.0.58, DGN2200B before 1.0.0.58, JNDR3000 before 1.0.0.24, RBW30 before 2.1.4.16, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.42, R6400v2 before 1.0.2.56, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.32, R6900P before 1.3.1.44, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7000P before 1.3.1.44, R7900 before 1.0.2.16, R8000P before 1.4.0.10, R7900P before 1.4.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, R8000 before 1.0.4.18, WNDR3400v3 before 1.0.1.22, WNDR4500v2 before 1.0.0.72, WNR3500Lv2 before 1.2.0.54, WN3100RP before 1.0.0.20, and WN2500RPv2 before 1.0.1.54.

Affected (30)

Products: Netgear: D6220 Firmware, D6400 Firmware, D7000 Firmware, D8500 Firmware, Dgn2200 Firmware, Dgn2200b Firmware, Jndr3000 Firmware, Rbw30 Firmware, R6250 Firmware, R6300 Firmware, R6400 Firmware, R6700 Firmware, R6900 Firmware, R7000 Firmware, R6900p Firmware, R7100lg Firmware, R7300dst Firmware, R7000p Firmware, R7900 Firmware, R8000p Firmware, R7900p Firmware, R8300 Firmware, R8500 Firmware, R8000 Firmware, Wndr3400 Firmware, Wndr4500 Firmware, Wnr3500l Firmware, Wn3100rp Firmware, Wn2500rp Firmware

29 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D6220 Firmware	Before 1.0.0.46

Running on/with	Platform Versions
Netgear D6220	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D6400 Firmware	Before 1.0.0.80

Running on/with	Platform Versions
Netgear D6400	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D7000 Firmware	Before 1.0.0.51

Running on/with	Platform Versions
Netgear D7000	Version v2

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear D8500 Firmware	Before 1.0.3.42

Running on/with	Platform Versions
Netgear D8500	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Dgn2200 Firmware	Before 1.0.0.58

Running on/with	Platform Versions
Netgear Dgn2200	Version v1

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Dgn2200b Firmware	Before 1.0.0.58

Running on/with	Platform Versions
Netgear Dgn2200b	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Jndr3000 Firmware	Before 1.0.0.24

Running on/with	Platform Versions
Netgear Jndr3000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbw30 Firmware	Before 2.1.4.16

Running on/with	Platform Versions
Netgear Rbw30	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6250 Firmware	Before 1.0.4.26

Running on/with	Platform Versions
Netgear R6250	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6300 Firmware	Before 1.0.4.28

Running on/with	Platform Versions
Netgear R6300	Version v2

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6400 Firmware	Before 1.0.1.42

Running on/with	Platform Versions
Netgear R6400	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6400 Firmware	Before 1.0.2.56

Running on/with	Platform Versions
Netgear R6400	Version v2

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6700 Firmware	Before 1.0.1.46

Running on/with	Platform Versions
Netgear R6700	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6900 Firmware	Before 1.0.1.46

Running on/with	Platform Versions
Netgear R6900	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7000 Firmware	Before 1.0.9.32

Running on/with	Platform Versions
Netgear R7000	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6900p Firmware	Before 1.3.1.44

Running on/with	Platform Versions
Netgear R6900p	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7100lg Firmware	Before 1.0.0.46

Running on/with	Platform Versions
Netgear R7100lg	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7300dst Firmware	Before 1.0.0.68

Running on/with	Platform Versions
Netgear R7300dst	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7000p Firmware	Before 1.3.1.44

Running on/with	Platform Versions
Netgear R7000p	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7900 Firmware	Before 1.0.2.16

Running on/with	Platform Versions
Netgear R7900	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8000p Firmware	Before 1.4.0.10

Running on/with	Platform Versions
Netgear R8000p	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7900p Firmware	Before 1.4.0.10

Running on/with	Platform Versions
Netgear R7900p	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8300 Firmware	Before 1.0.2.122

Running on/with	Platform Versions
Netgear R8300	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8500 Firmware	Before 1.0.2.122

Running on/with	Platform Versions
Netgear R8500	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8000 Firmware	Before 1.0.4.18

Running on/with	Platform Versions
Netgear R8000	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr3400 Firmware	Before 1.0.1.22

Running on/with	Platform Versions
Netgear Wndr3400	Version v3

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr4500 Firmware	Before 1.0.0.72

Running on/with	Platform Versions
Netgear Wndr4500	Version v2

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wnr3500l Firmware	Before 1.2.0.54

Running on/with	Platform Versions
Netgear Wnr3500l	Version v2

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wn3100rp Firmware	Before 1.0.0.20

Running on/with	Platform Versions
Netgear Wn3100rp	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wn2500rp Firmware	Before 1.0.1.54

Running on/with	Platform Versions
Netgear Wn2500rp	Version v2

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://kb.netgear.com/000060627/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Modem-Routers-Extenders-and-Orbi-Satellites-PSV-2018-0053

Source: cve@mitre.org

Vendor Advisory

https://kb.netgear.com/000060627/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Modem-Routers-Extenders-and-Orbi-Satellites-PSV-2018-0053

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.