CVE-2019-20762
Severity CVSS v4.0:
Pending analysis
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
16/04/2020
Last modified:
22/04/2020
Description
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D8500 before 1.0.3.43, R8500 before 1.0.2.128, R8300 before 1.0.2.128, R8000 before 1.0.4.28, R7300DST before 1.0.0.68, R7100LG before 1.0.0.48, R6900P before 1.3.1.44, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R7000P before 1.3.1.44, R7000 before 1.0.9.34, R6900 before 1.0.2.4, R6700 before 1.0.2.6, and R6400 before 1.0.1.44.
Impact
Base Score 3.x
6.80
Severity 3.x
MEDIUM
Base Score 2.0
5.20
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:* | 1.0.3.43 (excluding) | |
| cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:* | 1.0.2.128 (excluding) | |
| cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:* | 1.0.2.128 (excluding) | |
| cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:* | 1.0.4.28 (excluding) | |
| cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:* | 1.0.0.68 (excluding) | |
| cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:* | 1.0.0.48 (excluding) | |
| cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:* | 1.3.1.44 (excluding) | |
| cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:* | 1.4.1.30 (excluding) |
To consult the complete list of CPE names with products and versions, see this page