Vulnerability Name:

CVE-2020-35799 (CCN-193602)

Assigned:2020-12-16
Published:2020-12-16
Updated:2021-01-04
Summary:Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6200 before 1.1.00.32, D7000 before 1.0.1.68, D7800 before 1.0.1.56, DM200 before 1.0.0.61, EX2700 before 1.0.1.52, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.74, EX6400 before 1.0.2.140, EX7300 before 1.0.2.140, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7500v2 before 1.0.3.40, R7800 before 1.0.2.62, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN2000RPTv3 before 1.0.1.34, WN3000RPv2 before 1.0.0.78, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
8.3 High (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-787
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-35799

Source: XF
Type: UNKNOWN
netgear-psv20180296-bo(193602)

Source: CCN
Type: NETGEAR Security Advisory: 000062709
Security Advisory for Pre-Authentication Stack Overflow on Some Routers, Range Extenders, and WiFi Systems

Source: MISC
Type: Vendor Advisory
https://kb.netgear.com/000062709/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2018-0296

Vulnerable Configuration:Configuration 1:
  • cpe:/o:netgear:d3600_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.76)
  • AND
  • cpe:/h:netgear:d3600:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:netgear:d6000_firmware:*:*:*:*:*:*:*:* (Version < 1.0.078)
  • AND
  • cpe:/h:netgear:d6000:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:netgear:d6200_firmware:*:*:*:*:*:*:*:* (Version < 1.1.00.32)
  • AND
  • cpe:/h:netgear:d6200:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:netgear:d7000_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.68)
  • AND
  • cpe:/h:netgear:d7000:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:netgear:d7800_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.56)
  • AND
  • cpe:/h:netgear:d7800:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:netgear:dm200_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.61)
  • AND
  • cpe:/h:netgear:dm200:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:netgear:ex2700_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.52)
  • AND
  • cpe:/h:netgear:ex2700:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:netgear:ex6100v2_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.76)
  • AND
  • cpe:/h:netgear:ex6100v2:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:netgear:ex6150v2_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.76)
  • AND
  • cpe:/h:netgear:ex6150v2:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:netgear:ex6200v2_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.74)
  • AND
  • cpe:/h:netgear:ex6200v2:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:netgear:ex6400_firmware:*:*:*:*:*:*:*:* (Version < 1.0.2.140)
  • AND
  • cpe:/h:netgear:ex6400:-:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/o:netgear:ex7300_firmware:*:*:*:*:*:*:*:* (Version < 1.0.2.140)
  • AND
  • cpe:/h:netgear:ex7300:-:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/o:netgear:ex8000_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.186)
  • AND
  • cpe:/h:netgear:ex8000:-:*:*:*:*:*:*:*

    • Configuration 14:
  • cpe:/o:netgear:jr6150_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.18)
  • AND
  • cpe:/h:netgear:jr6150:-:*:*:*:*:*:*:*

    • Configuration 15:
  • cpe:/o:netgear:pr2000_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.28)
  • AND
  • cpe:/h:netgear:pr2000:-:*:*:*:*:*:*:*

    • Configuration 16:
  • cpe:/o:netgear:r6020_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.38)
  • AND
  • cpe:/h:netgear:r6020:-:*:*:*:*:*:*:*

    • Configuration 17:
  • cpe:/o:netgear:r6050_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.18)
  • AND
  • cpe:/h:netgear:r6050:-:*:*:*:*:*:*:*

    • Configuration 18:
  • cpe:/o:netgear:r6080_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.38)
  • AND
  • cpe:/h:netgear:r6080:-:*:*:*:*:*:*:*

    • Configuration 19:
  • cpe:/o:netgear:r6120_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.46)
  • AND
  • cpe:/h:netgear:r6120:-:*:*:*:*:*:*:*

    • Configuration 20:
  • cpe:/o:netgear:r6220_firmware:*:*:*:*:*:*:*:* (Version < 1.1.0.80)
  • AND
  • cpe:/h:netgear:r6220:-:*:*:*:*:*:*:*

    • Configuration 21:
  • cpe:/o:netgear:r6230_firmware:*:*:*:*:*:*:*:* (Version < 1.1.0.80)
  • AND
  • cpe:/h:netgear:r6230:-:*:*:*:*:*:*:*

    • Configuration 22:
  • cpe:/o:netgear:r6260_firmware:*:*:*:*:*:*:*:* (Version < 1.1.0.40)
  • AND
  • cpe:/h:netgear:r6260:-:*:*:*:*:*:*:*

    • Configuration 23:
  • cpe:/o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:* (Version < 1.2.0.36)
  • AND
  • cpe:/h:netgear:r6700v2:-:*:*:*:*:*:*:*

    • Configuration 24:
  • cpe:/o:netgear:r6800_firmware:*:*:*:*:*:*:*:* (Version < 1.2.0.36)
  • AND
  • cpe:/h:netgear:r6800:-:*:*:*:*:*:*:*

    • Configuration 25:
  • cpe:/o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:* (Version < 1.2.0.36)
  • AND
  • cpe:/h:netgear:r6900v2:-:*:*:*:*:*:*:*

    • Configuration 26:
  • cpe:/o:netgear:r7500v2_firmware:*:*:*:*:*:*:*:* (Version < 1.0.3.40)
  • AND
  • cpe:/h:netgear:r7500v2:-:*:*:*:*:*:*:*

    • Configuration 27:
  • cpe:/o:netgear:r7800_firmware:*:*:*:*:*:*:*:* (Version < 1.0.2.62)
  • AND
  • cpe:/h:netgear:r7800:-:*:*:*:*:*:*:*

    • Configuration 28:
  • cpe:/o:netgear:r8900_firmware:*:*:*:*:*:*:*:* (Version < 1.0.4.12)
  • AND
  • cpe:/h:netgear:r8900:-:*:*:*:*:*:*:*

    • Configuration 29:
  • cpe:/o:netgear:r9000_firmware:*:*:*:*:*:*:*:* (Version < 1.0.4.12)
  • AND
  • cpe:/h:netgear:r9000:-:*:*:*:*:*:*:*

    • Configuration 30:
  • cpe:/o:netgear:rbk20_firmware:*:*:*:*:*:*:*:* (Version < 2.3.0.28)
  • AND
  • cpe:/h:netgear:rbk20:-:*:*:*:*:*:*:*

    • Configuration 31:
  • cpe:/o:netgear:rbr20_firmware:*:*:*:*:*:*:*:* (Version < 2.3.0.28)
  • AND
  • cpe:/h:netgear:rbr20:-:*:*:*:*:*:*:*

    • Configuration 32:
  • cpe:/o:netgear:rbs20_firmware:*:*:*:*:*:*:*:* (Version < 2.3.0.28)
  • AND
  • cpe:/h:netgear:rbs20:-:*:*:*:*:*:*:*

    • Configuration 33:
  • cpe:/o:netgear:rbk40_firmware:*:*:*:*:*:*:*:* (Version < 2.3.0.28)
  • AND
  • cpe:/h:netgear:rbk40:-:*:*:*:*:*:*:*

    • Configuration 34:
  • cpe:/o:netgear:rbr40_firmware:*:*:*:*:*:*:*:* (Version < 2.3.0.28)
  • AND
  • cpe:/h:netgear:rbr40:-:*:*:*:*:*:*:*

    • Configuration 35:
  • cpe:/o:netgear:rbs40_firmware:*:*:*:*:*:*:*:* (Version < 2.3.0.28)
  • AND
  • cpe:/h:netgear:rbs40:-:*:*:*:*:*:*:*

    • Configuration 36:
  • cpe:/o:netgear:rbk50_firmware:*:*:*:*:*:*:*:* (Version < 2.3.0.32)
  • AND
  • cpe:/h:netgear:rbk50:-:*:*:*:*:*:*:*

    • Configuration 37:
  • cpe:/o:netgear:rbr50_firmware:*:*:*:*:*:*:*:* (Version < 2.3.0.32)
  • AND
  • cpe:/h:netgear:rbr50:-:*:*:*:*:*:*:*

    • Configuration 38:
  • cpe:/o:netgear:rbs50_firmware:*:*:*:*:*:*:*:* (Version < 2.3.0.32)
  • AND
  • cpe:/h:netgear:rbs50:-:*:*:*:*:*:*:*

    • Configuration 39:
  • cpe:/o:netgear:wn2000rptv3_firmware:*:*:*:*:*:*:*:* (Version < 1.0.1.34)
  • AND
  • cpe:/h:netgear:wn2000rptv3:-:*:*:*:*:*:*:*

    • Configuration 40:
  • cpe:/o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.78)
  • AND
  • cpe:/h:netgear:wn3000rpv2:-:*:*:*:*:*:*:*

    • Configuration 41:
  • cpe:/o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.78)
  • AND
  • cpe:/h:netgear:wn3000rpv2:-:*:*:*:*:*:*:*

    • Configuration 42:
  • cpe:/o:netgear:wn3000rpv3_firmware:*:*:*:*:*:*:*:* (Version < 1.0.2.78)
  • AND
  • cpe:/h:netgear:wn3000rpv3:-:*:*:*:*:*:*:*

    • Configuration 43:
  • cpe:/o:netgear:wn3100rpv2_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.66)
  • AND
  • cpe:/h:netgear:wn3100rpv2:-:*:*:*:*:*:*:*

    • Configuration 44:
  • cpe:/o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:* (Version < 1.0.0.70)
  • AND
  • cpe:/h:netgear:wnr2000v5:-:*:*:*:*:*:*:*

    • Configuration 45:
  • cpe:/o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:* (Version < 1.1.0.62)
  • AND
  • cpe:/h:netgear:wnr2020:-:*:*:*:*:*:*:*

    • Configuration 46:
  • cpe:/o:netgear:xr450_firmware:2.3.2.32:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netgear:xr450:-:*:*:*:*:*:*:*

    • Configuration 47:
  • cpe:/o:netgear:xr500_firmware:2.3.2.32:*:*:*:*:*:*:*
  • AND
  • cpe:/h:netgear:xr500:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:netgear:ex6200v2_firmware:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:netgear:wn2000rptv3_firmware:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:netgear:ex6100v2_firmware:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:netgear:ex6150v2_firmware:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:netgear:wn3000rpv3_firmware:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:netgear:wn3100rpv2_firmware:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r6220:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:d3600:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:d6000:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:d6200:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:jr6150:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbr50:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbs50:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbk50:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r9000:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r7500:v2:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r7800:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:wnr2000:v5:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r6120:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r6800:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r6020:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r6260:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r6080:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:d7000:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r6050:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r6700:v2:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r6900:v2:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:pr2000:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r6230:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:r8900:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbk20:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbr20:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbs20:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbk40:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbr40:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:rbs40:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:wn3000rp:v2:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:xr450:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:d7800:-:*:*:*:*:*:*:*
  • OR cpe:/h:netgear:xr500:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    netgear d3600 firmware *
    netgear d3600 -
    netgear d6000 firmware *
    netgear d6000 -
    netgear d6200 firmware *
    netgear d6200 -
    netgear d7000 firmware *
    netgear d7000 -
    netgear d7800 firmware *
    netgear d7800 -
    netgear dm200 firmware *
    netgear dm200 -
    netgear ex2700 firmware *
    netgear ex2700 -
    netgear ex6100v2 firmware *
    netgear ex6100v2 -
    netgear ex6150v2 firmware *
    netgear ex6150v2 -
    netgear ex6200v2 firmware *
    netgear ex6200v2 -
    netgear ex6400 firmware *
    netgear ex6400 -
    netgear ex7300 firmware *
    netgear ex7300 -
    netgear ex8000 firmware *
    netgear ex8000 -
    netgear jr6150 firmware *
    netgear jr6150 -
    netgear pr2000 firmware *
    netgear pr2000 -
    netgear r6020 firmware *
    netgear r6020 -
    netgear r6050 firmware *
    netgear r6050 -
    netgear r6080 firmware *
    netgear r6080 -
    netgear r6120 firmware *
    netgear r6120 -
    netgear r6220 firmware *
    netgear r6220 -
    netgear r6230 firmware *
    netgear r6230 -
    netgear r6260 firmware *
    netgear r6260 -
    netgear r6700v2 firmware *
    netgear r6700v2 -
    netgear r6800 firmware *
    netgear r6800 -
    netgear r6900v2 firmware *
    netgear r6900v2 -
    netgear r7500v2 firmware *
    netgear r7500v2 -
    netgear r7800 firmware *
    netgear r7800 -
    netgear r8900 firmware *
    netgear r8900 -
    netgear r9000 firmware *
    netgear r9000 -
    netgear rbk20 firmware *
    netgear rbk20 -
    netgear rbr20 firmware *
    netgear rbr20 -
    netgear rbs20 firmware *
    netgear rbs20 -
    netgear rbk40 firmware *
    netgear rbk40 -
    netgear rbr40 firmware *
    netgear rbr40 -
    netgear rbs40 firmware *
    netgear rbs40 -
    netgear rbk50 firmware *
    netgear rbk50 -
    netgear rbr50 firmware *
    netgear rbr50 -
    netgear rbs50 firmware *
    netgear rbs50 -
    netgear wn2000rptv3 firmware *
    netgear wn2000rptv3 -
    netgear wn3000rpv2 firmware *
    netgear wn3000rpv2 -
    netgear wn3000rpv2 firmware *
    netgear wn3000rpv2 -
    netgear wn3000rpv3 firmware *
    netgear wn3000rpv3 -
    netgear wn3100rpv2 firmware *
    netgear wn3100rpv2 -
    netgear wnr2000v5 firmware *
    netgear wnr2000v5 -
    netgear wnr2020 firmware *
    netgear wnr2020 -
    netgear xr450 firmware 2.3.2.32
    netgear xr450 -
    netgear xr500 firmware 2.3.2.32
    netgear xr500 -
    netgear ex6200v2 firmware 1.0.1
    netgear wn2000rptv3 firmware 1.0.1
    netgear ex6100v2 firmware 1.0.1
    netgear ex6150v2 firmware 1.0.1
    netgear wn3000rpv3 firmware 1.0.2
    netgear wn3100rpv2 firmware 1.0.0
    netgear r6220 -
    netgear d3600 -
    netgear d6000 -
    netgear d6200 -
    netgear jr6150 -
    netgear rbr50 -
    netgear rbs50 -
    netgear rbk50 -
    netgear r9000 -
    netgear r7500 v2
    netgear r7800 -
    netgear wnr2000 v5
    netgear r6120 -
    netgear r6800 -
    netgear r6020 -
    netgear r6260 -
    netgear r6080 -
    netgear d7000 -
    netgear r6050 -
    netgear r6700 v2
    netgear r6900 v2
    netgear pr2000 -
    netgear r6230 -
    netgear r8900 -
    netgear rbk20 -
    netgear rbr20 -
    netgear rbs20 -
    netgear rbk40 -
    netgear rbr40 -
    netgear rbs40 -
    netgear wn3000rp v2
    netgear xr450 -
    netgear d7800 -
    netgear xr500 -