Vulnerability Name: CVE-2019-20658 (CCN-180523) Assigned: 2019-12-03 Published: 2019-12-03 Updated: 2021-07-21 Summary: Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): AdjacentAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
5.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): AdjacentAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 3.3 Low (CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): Adjacent_NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
4.8 Medium (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N Exploitability Metrics: Access Vector (AV): Adjacent_NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-200 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2019-20658 netgear-cve201920658-info-disc(180523) Security Advisory for Sensitive Information Disclosure on Some Switches https://kb.netgear.com/000061481/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2018-0612 Vulnerable Configuration: Configuration 1 :cpe:/o:netgear:fs728tlp_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.26)AND cpe:/h:netgear:fs728tlp:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:netgear:gs105e_firmware:*:*:*:*:*:*:*:* (Version < 1.6.0.4)AND cpe:/h:netgear:gs105e:v2:*:*:*:*:*:*:* Configuration 3 :cpe:/o:netgear:gs105pe_firmware:*:*:*:*:*:*:*:* (Version < 1.6.0.4)AND cpe:/h:netgear:gs105pe:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:netgear:gs108e_firmware:*:*:*:*:*:*:*:* (Version < 2.06.08)AND cpe:/h:netgear:gs108e:v3:*:*:*:*:*:*:* Configuration 5 :cpe:/o:netgear:gs108pe_firmware:*:*:*:*:*:*:*:* (Version < 2.06.08)AND cpe:/h:netgear:gs108pe:v3:*:*:*:*:*:*:* Configuration 6 :cpe:/o:netgear:gs110emx_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.4)AND cpe:/h:netgear:gs110emx:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:netgear:gs116e_firmware:*:*:*:*:*:*:*:* (Version < 2.6.0.35)AND cpe:/h:netgear:gs116e:v2:*:*:*:*:*:*:* Configuration 8 :cpe:/o:netgear:gs408epp_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.15)AND cpe:/h:netgear:gs408epp:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:netgear:gs808e_firmware:*:*:*:*:*:*:*:* (Version < 1.7.0.7)AND cpe:/h:netgear:gs808e:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:netgear:gs810emx_firmware:*:*:*:*:*:*:*:* (Version < 1.7.1.1)AND cpe:/h:netgear:gs810emx:-:*:*:*:*:*:*:* Configuration 11 :cpe:/o:netgear:gs908e_firmware:*:*:*:*:*:*:*:* (Version < 1.7.0.3)AND cpe:/h:netgear:gs908e:-:*:*:*:*:*:*:* Configuration 12 :cpe:/o:netgear:gss108e_firmware:*:*:*:*:*:*:*:* (Version < 1.6.0.4)AND cpe:/h:netgear:gss108e:-:*:*:*:*:*:*:* Configuration 13 :cpe:/o:netgear:gss108epp_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.15)AND cpe:/h:netgear:gss108epp:-:*:*:*:*:*:*:* Configuration 14 :cpe:/o:netgear:gss116e_firmware:*:*:*:*:*:*:*:* (Version < 1.6.0.9)AND cpe:/h:netgear:gss116e:-:*:*:*:*:*:*:* Configuration 15 :cpe:/o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:* (Version < 2.6.0.35)AND cpe:/h:netgear:jgs516pe:-:*:*:*:*:*:*:* Configuration 16 :cpe:/o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:* (Version < 2.6.0.35)AND cpe:/h:netgear:jgs524e:v2:*:*:*:*:*:*:* Configuration 17 :cpe:/o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:* (Version < 2.6.0.35)AND cpe:/h:netgear:jgs524pe:-:*:*:*:*:*:*:* Configuration 18 :cpe:/o:netgear:xs512em_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.1)AND cpe:/h:netgear:xs512em:-:*:*:*:*:*:*:* Configuration 19 :cpe:/o:netgear:xs708e_firmware:*:*:*:*:*:*:*:* (Version < 1.6.0.23)AND cpe:/h:netgear:xs708e:v2:*:*:*:*:*:*:* Configuration 20 :cpe:/o:netgear:xs716e_firmware:*:*:*:*:*:*:*:* (Version < 1.6.0.23)AND cpe:/h:netgear:xs716e:-:*:*:*:*:*:*:* Configuration 21 :cpe:/o:netgear:xs724em_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.1)AND cpe:/h:netgear:xs724em:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:netgear:jgs516pe_firmware:2.6.0:*:*:*:*:*:*:* OR cpe:/o:netgear:gs408epp_firmware:1.0.0.15:*:*:*:*:*:*:* OR cpe:/o:netgear:gs105pe_firmware:1.6.0.4:*:*:*:*:*:*:* OR cpe:/o:netgear:gss108epp_firmware:1.0.0.15:*:*:*:*:*:*:* OR cpe:/o:netgear:gs908e_firmware:1.7.0.3:*:*:*:*:*:*:* OR cpe:/o:netgear:gs808e_firmware:1.7.0.7:*:*:*:*:*:*:* OR cpe:/o:netgear:gs105ev2_firmware:1.6.0:*:*:*:*:*:*:* OR cpe:/o:netgear:gss108e_firmware:1.6.0.4:*:*:*:*:*:*:* OR cpe:/o:netgear:xs716e_firmware:1.6.0.23:*:*:*:*:*:*:* OR cpe:/o:netgear:gs116ev2_firmware:2.6.0:*:*:*:*:*:*:* OR cpe:/o:netgear:gs108pev3_firmware:2.06:*:*:*:*:*:*:* OR cpe:/o:netgear:gs108ev3_firmware:2.06:*:*:*:*:*:*:* OR cpe:/o:netgear:gs810emx_firmware:1.7.1.1:*:*:*:*:*:*:* OR cpe:/o:netgear:xs512em_firmware:1.0.1.1:*:*:*:*:*:*:* OR cpe:/o:netgear:gs110emx_firmware:1.0.1.4:*:*:*:*:*:*:* OR cpe:/o:netgear:xs708ev2_firmware:1.6.0:*:*:*:*:*:*:* OR cpe:/o:netgear:gss116e_firmware:1.6.0.9:*:*:*:*:*:*:* OR cpe:/o:netgear:xs724em_firmware:1.0.1.1:*:*:*:*:*:*:* OR cpe:/o:netgear:jgs524pe_firmware:2.6.0.35:*:*:*:*:*:*:* OR cpe:/o:netgear:jgs524ev2_firmware:2.6.0:*:*:*:*:*:*:* OR cpe:/o:netgear:fs728tlp_firmware:1.0.1.26:*:*:*:*:*:*:* BACK
netgear fs728tlp firmware *
netgear fs728tlp -
netgear gs105e firmware *
netgear gs105e v2
netgear gs105pe firmware *
netgear gs105pe -
netgear gs108e firmware *
netgear gs108e v3
netgear gs108pe firmware *
netgear gs108pe v3
netgear gs110emx firmware *
netgear gs110emx -
netgear gs116e firmware *
netgear gs116e v2
netgear gs408epp firmware *
netgear gs408epp -
netgear gs808e firmware *
netgear gs808e -
netgear gs810emx firmware *
netgear gs810emx -
netgear gs908e firmware *
netgear gs908e -
netgear gss108e firmware *
netgear gss108e -
netgear gss108epp firmware *
netgear gss108epp -
netgear gss116e firmware *
netgear gss116e -
netgear jgs516pe firmware *
netgear jgs516pe -
netgear jgs524e firmware *
netgear jgs524e v2
netgear jgs524pe firmware *
netgear jgs524pe -
netgear xs512em firmware *
netgear xs512em -
netgear xs708e firmware *
netgear xs708e v2
netgear xs716e firmware *
netgear xs716e -
netgear xs724em firmware *
netgear xs724em -
netgear jgs516pe firmware 2.6.0
netgear gs408epp firmware 1.0.0.15
netgear gs105pe firmware 1.6.0.4
netgear gss108epp firmware 1.0.0.15
netgear gs908e firmware 1.7.0.3
netgear gs808e firmware 1.7.0.7
netgear gs105ev2 firmware 1.6.0
netgear gss108e firmware 1.6.0.4
netgear xs716e firmware 1.6.0.23
netgear gs116ev2 firmware 2.6.0
netgear gs108pev3 firmware 2.06
netgear gs108ev3 firmware 2.06
netgear gs810emx firmware 1.7.1.1
netgear xs512em firmware 1.0.1.1
netgear gs110emx firmware 1.0.1.4
netgear xs708ev2 firmware 1.6.0
netgear gss116e firmware 1.6.0.9
netgear xs724em firmware 1.0.1.1
netgear jgs524pe firmware 2.6.0.35
netgear jgs524ev2 firmware 2.6.0
netgear fs728tlp firmware 1.0.1.26
Denotes that component is vulnerable