Vulnerability Name: CVE-2019-20712 (CCN-180413) Assigned: 2019-09-04 Published: 2019-09-04 Updated: 2020-04-23 Summary: Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.46, R6400v2 before 1.0.2.62, R6700 before 1.0.2.6, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7100LG before 1.0.0.52, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, WNDR3400v3 before 1.0.1.24, and WNR3500Lv2 before 1.2.0.56. CVSS v3 Severity: 6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): AdjacentAttack Complexity (AC): LowPrivileges Required (PR): HighUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
6.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): AdjacentAttack Complexity (AC): LowPrivileges Required (PR): HighUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 5.2 Medium (CVSS v2 Vector: AV:A/AC:L/Au:S/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): Adjacent_NetworkAccess Complexity (AC): LowAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
7.7 High (CCN CVSS v2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): Adjacent_NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-120 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2019-20712 netgear-cve201920712-bo(180413) Security Advisory for Post-Authentication Buffer Overflow on Some Routers and Gateways https://kb.netgear.com/000061216/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0323 Vulnerable Configuration: Configuration 1 :cpe:/o:netgear:d6220_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.52)AND cpe:/h:netgear:d6220:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:netgear:d6400_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.86)AND cpe:/h:netgear:d6400:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:netgear:d7000_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.53)AND cpe:/h:netgear:d7000:v2:*:*:*:*:*:*:* Configuration 4 :cpe:/o:netgear:d8500_firmware:*:*:*:*:*:*:*:* (Version < 1.0.3.44)AND cpe:/h:netgear:d8500:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.110)AND cpe:/h:netgear:dgn2200:v4:*:*:*:*:*:*:* Configuration 6 :cpe:/o:netgear:dgnd2200b_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.109)AND cpe:/h:netgear:dgnd2200b:v4:*:*:*:*:*:*:* Configuration 7 :cpe:/o:netgear:r6250_firmware:*:*:*:*:*:*:*:* (Version < 1.0.4.34)AND cpe:/h:netgear:r6250:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:netgear:r6300_firmware:*:*:*:*:*:*:*:* (Version < 1.0.4.32)AND cpe:/h:netgear:r6300:v2:*:*:*:*:*:*:* Configuration 9 :cpe:/o:netgear:r6400_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.46)AND cpe:/h:netgear:r6400:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:netgear:r6400_firmware:*:*:*:*:*:*:*:* (Version < 1.0.2.62)AND cpe:/h:netgear:r6400:v2:*:*:*:*:*:*:* Configuration 11 :cpe:/o:netgear:r6700_firmware:*:*:*:*:*:*:*:* (Version < 1.0.2.6)AND cpe:/h:netgear:r6700:-:*:*:*:*:*:*:* Configuration 12 :cpe:/o:netgear:r6900_firmware:*:*:*:*:*:*:*:* (Version < 1.0.2.4)AND cpe:/h:netgear:r6900:-:*:*:*:*:*:*:* Configuration 13 :cpe:/o:netgear:r6900p_firmware:*:*:*:*:*:*:*:* (Version < 1.3.1.64)AND cpe:/h:netgear:r6900p:-:*:*:*:*:*:*:* Configuration 14 :cpe:/o:netgear:r7000_firmware:*:*:*:*:*:*:*:* (Version < 1.0.9.60)AND cpe:/h:netgear:r7000:-:*:*:*:*:*:*:* Configuration 15 :cpe:/o:netgear:r7000p_firmware:*:*:*:*:*:*:*:* (Version < 1.3.1.64)AND cpe:/h:netgear:r7000p:-:*:*:*:*:*:*:* Configuration 16 :cpe:/o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.52)AND cpe:/h:netgear:r7100lg:-:*:*:*:*:*:*:* Configuration 17 :cpe:/o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.70)AND cpe:/h:netgear:r7300dst:-:*:*:*:*:*:*:* Configuration 18 :cpe:/o:netgear:r7900_firmware:*:*:*:*:*:*:*:* (Version < 1.0.3.8)AND cpe:/h:netgear:r7900:-:*:*:*:*:*:*:* Configuration 19 :cpe:/o:netgear:r7900p_firmware:*:*:*:*:*:*:*:* (Version < 1.4.1.30)AND cpe:/h:netgear:r7900p:-:*:*:*:*:*:*:* Configuration 20 :cpe:/o:netgear:r8000_firmware:*:*:*:*:*:*:*:* (Version < 1.0.4.28)AND cpe:/h:netgear:r8000:-:*:*:*:*:*:*:* Configuration 21 :cpe:/o:netgear:r8000p_firmware:*:*:*:*:*:*:*:* (Version < 1.4.1.30)AND cpe:/h:netgear:r8000p:-:*:*:*:*:*:*:* Configuration 22 :cpe:/o:netgear:r8300_firmware:*:*:*:*:*:*:*:* (Version < 1.0.2.128)AND cpe:/h:netgear:r8300:-:*:*:*:*:*:*:* Configuration 23 :cpe:/o:netgear:r8500_firmware:*:*:*:*:*:*:*:* (Version < 1.0.2.128)AND cpe:/h:netgear:r8500:-:*:*:*:*:*:*:* Configuration 24 :cpe:/o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.24)AND cpe:/h:netgear:wndr3400:v3:*:*:*:*:*:*:* Configuration 25 :cpe:/o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:* (Version < 1.2.0.56)AND cpe:/h:netgear:wnr3500l:v2:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:netgear:r6700_firmware:1.0.2:*:*:*:*:*:*:* OR cpe:/o:netgear:r6900_firmware:1.0.2:*:*:*:*:*:*:* OR cpe:/o:netgear:r7900_firmware:1.0.3:*:*:*:*:*:*:* OR cpe:/o:netgear:r7000_firmware:1.0.9:*:*:*:*:*:*:* OR cpe:/h:netgear:r8300:-:*:*:*:*:*:*:* OR cpe:/h:netgear:r8500:-:*:*:*:*:*:*:* OR cpe:/o:netgear:r6300v2_firmware:1.0.4:*:*:*:*:*:*:* OR cpe:/o:netgear:r7300dst_firmware:1.0.0:*:*:*:*:*:*:* OR cpe:/o:netgear:r6400_firmware:1.0.1:*:*:*:*:*:*:* OR cpe:/o:netgear:wndr3400v3_firmware:1.0.1:*:*:*:*:*:*:* OR cpe:/o:netgear:r6900p_firmware:1.3.1:*:*:*:*:*:*:* OR cpe:/o:netgear:r7000p_firmware:1.3.1:*:*:*:*:*:*:* OR cpe:/o:netgear:r8000_firmware:1.0.4:*:*:*:*:*:*:* OR cpe:/o:netgear:r7100lg_firmware:1.0.0:*:*:*:*:*:*:* OR cpe:/o:netgear:r7900p_firmware:1.4.1:*:*:*:*:*:*:* OR cpe:/o:netgear:d8500_firmware:1.0.3:*:*:*:*:*:*:* OR cpe:/o:netgear:r8000p_firmware:1.4.1:*:*:*:*:*:*:* OR cpe:/o:netgear:d6220_firmware:1.0.0:*:*:*:*:*:*:* OR cpe:/o:netgear:d6400_firmware:1.0.0:*:*:*:*:*:*:* OR cpe:/o:netgear:d7000v2_firmware:1.0.0:*:*:*:*:*:*:* OR cpe:/o:netgear:r6250_firmware:1.0.4:*:*:*:*:*:*:* OR cpe:/o:netgear:r6400v2_firmware:1.0.2:*:*:*:*:*:*:* OR cpe:/o:netgear:wnr3500lv2_firmware:1.2.0:*:*:*:*:*:*:* OR cpe:/o:netgear:dgnd2200bv4_firmware:1.0.0:*:*:*:*:*:*:* OR cpe:/o:netgear:dgn2200v4_firmware:1.0.0:*:*:*:*:*:*:* BACK
netgear d6220 firmware *
netgear d6220 -
netgear d6400 firmware *
netgear d6400 -
netgear d7000 firmware *
netgear d7000 v2
netgear d8500 firmware *
netgear d8500 -
netgear dgn2200 firmware *
netgear dgn2200 v4
netgear dgnd2200b firmware *
netgear dgnd2200b v4
netgear r6250 firmware *
netgear r6250 -
netgear r6300 firmware *
netgear r6300 v2
netgear r6400 firmware *
netgear r6400 -
netgear r6400 firmware *
netgear r6400 v2
netgear r6700 firmware *
netgear r6700 -
netgear r6900 firmware *
netgear r6900 -
netgear r6900p firmware *
netgear r6900p -
netgear r7000 firmware *
netgear r7000 -
netgear r7000p firmware *
netgear r7000p -
netgear r7100lg firmware *
netgear r7100lg -
netgear r7300dst firmware *
netgear r7300dst -
netgear r7900 firmware *
netgear r7900 -
netgear r7900p firmware *
netgear r7900p -
netgear r8000 firmware *
netgear r8000 -
netgear r8000p firmware *
netgear r8000p -
netgear r8300 firmware *
netgear r8300 -
netgear r8500 firmware *
netgear r8500 -
netgear wndr3400 firmware *
netgear wndr3400 v3
netgear wnr3500l firmware *
netgear wnr3500l v2
netgear r6700 firmware 1.0.2
netgear r6900 firmware 1.0.2
netgear r7900 firmware 1.0.3
netgear r7000 firmware 1.0.9
netgear r8300 -
netgear r8500 -
netgear r6300v2 firmware 1.0.4
netgear r7300dst firmware 1.0.0
netgear r6400 firmware 1.0.1
netgear wndr3400v3 firmware 1.0.1
netgear r6900p firmware 1.3.1
netgear r7000p firmware 1.3.1
netgear r8000 firmware 1.0.4
netgear r7100lg firmware 1.0.0
netgear r7900p firmware 1.4.1
netgear d8500 firmware 1.0.3
netgear r8000p firmware 1.4.1
netgear d6220 firmware 1.0.0
netgear d6400 firmware 1.0.0
netgear d7000v2 firmware 1.0.0
netgear r6250 firmware 1.0.4
netgear r6400v2 firmware 1.0.2
netgear wnr3500lv2 firmware 1.2.0
netgear dgnd2200bv4 firmware 1.0.0
netgear dgn2200v4 firmware 1.0.0
Denotes that component is vulnerable