Sign-up

ID

VAR-202003-0851


CVE

CVE-2019-19964


TITLE

NETGEAR GS728TPS Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015155

DESCRIPTION

On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication. NETGEAR GS728TPS There is an authentication vulnerability in the device.Information may be obtained. NETGEAR GS728TPS is an intelligent management switch of NETGEAR

Trust: 2.16

sources: NVD: CVE-2019-19964 // JVNDB: JVNDB-2019-015155 // CNVD: CNVD-2020-19510

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-19510

AFFECTED PRODUCTS

vendor:netgearmodel:gs728tpsscope:ltversion:5.3.0.36

Trust: 1.0

vendor:netgearmodel:gs728tpsscope:eqversion:5.3.0.35

Trust: 0.8

vendor:netgearmodel:gs728tpsscope:lteversion:<=5.3.0.35

Trust: 0.6

sources: CNVD: CNVD-2020-19510 // JVNDB: JVNDB-2019-015155 // NVD: CVE-2019-19964

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19964
value: LOW

Trust: 1.0

NVD: JVNDB-2019-015155
value: LOW

Trust: 0.8

CNVD: CNVD-2020-19510
value: LOW

Trust: 0.6

CNNVD: CNNVD-202003-1314
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2019-19964
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015155
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19510
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-19964
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015155
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-19510 // JVNDB: JVNDB-2019-015155 // CNNVD: CNNVD-202003-1314 // NVD: CVE-2019-19964

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2019-015155 // NVD: CVE-2019-19964

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1314

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202003-1314

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015155

PATCH
title:Security Advisory for Missing Function Level Access Control on GS728TPS, PSV-2020-0012url:https://kb.netgear.com/000061738/Security-Advisory-for-Missing-Function-Level-Access-Control-on-GS728TPS-PSV-2020-0012
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-015155

EXTERNAL IDS
db:NVDid:CVE-2019-19964
Trust: 3.0
db:JVNDBid:JVNDB-2019-015155
Trust: 0.8
db:CNVDid:CNVD-2020-19510
Trust: 0.6
db:CNNVDid:CNNVD-202003-1314
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19510 // 
            
            
            
            JVNDB: JVNDB-2019-015155 // 
            
            
            
            CNNVD: CNNVD-202003-1314 // 
            
            
            
            NVD: CVE-2019-19964

REFERENCES
url:https://kb.netgear.com/000061738/security-advisory-for-missing-function-level-access-control-on-gs728tps-psv-2020-0012
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-19964
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19964
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-015155 // 
            
            
            
            CNNVD: CNNVD-202003-1314 // 
            
            
            
            NVD: CVE-2019-19964

SOURCES
db:CNVDid:CNVD-2020-19510
db:JVNDBid:JVNDB-2019-015155
db:CNNVDid:CNNVD-202003-1314
db:NVDid:CVE-2019-19964

LAST UPDATE DATE
2024-11-23T22:25:35.196000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-19510date:2020-03-25T00:00:00
db:JVNDBid:JVNDB-2019-015155date:2020-04-08T00:00:00
db:CNNVDid:CNNVD-202003-1314date:2020-08-25T00:00:00
db:NVDid:CVE-2019-19964date:2024-11-21T04:35:45.500

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-19510date:2020-03-25T00:00:00
db:JVNDBid:JVNDB-2019-015155date:2020-04-08T00:00:00
db:CNNVDid:CNNVD-202003-1314date:2020-03-23T00:00:00
db:NVDid:CVE-2019-19964date:2020-03-23T14:15:13.110