Sign-up

ID

VAR-202004-0906


CVE

CVE-2019-20697


TITLE

plural NETGEAR Out-of-bounds write vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015427

DESCRIPTION

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS750E before 1.0.1.4, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48. plural NETGEAR The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR GS728TPP and so on are all a kind of switchboard of NETGEAR company. The vulnerability stems from the fact that the network system or product performs an operation on the memory, and the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations

Trust: 2.16

sources: NVD: CVE-2019-20697 // JVNDB: JVNDB-2019-015427 // CNVD: CNVD-2020-30760

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-30760

AFFECTED PRODUCTS

vendor:netgearmodel:gs750escope:ltversion:1.0.1.4

Trust: 1.6

vendor:netgearmodel:gs752tppscope:ltversion:6.0.0.48

Trust: 1.6

vendor:netgearmodel:gs752tpscope:ltversion:6.0.0.48

Trust: 1.0

vendor:netgearmodel:gs728tpscope:ltversion:6.0.0.48

Trust: 1.0

vendor:netgearmodel:gs728tppscope:ltversion:6.0.0.48

Trust: 1.0

vendor:netgearmodel:gs728tpscope:eqversion:6.0.0.48

Trust: 0.8

vendor:netgearmodel:gs728tppscope:eqversion:6.0.0.48

Trust: 0.8

vendor:netgearmodel:gs750escope:eqversion:1.0.1.4

Trust: 0.8

vendor:netgearmodel:gs752tpscope:eqversion:6.0.0.48

Trust: 0.8

vendor:netgearmodel:gs752tppscope:eqversion:6.0.0.48

Trust: 0.8

vendor:netgearmodel:gs728tppv2scope:ltversion:6.0.0.48

Trust: 0.6

vendor:netgearmodel:gs728tpv2scope:ltversion:6.0.0.48

Trust: 0.6

vendor:netgearmodel:gs752tpv2scope:ltversion:6.0.0.48

Trust: 0.6

sources: CNVD: CNVD-2020-30760 // JVNDB: JVNDB-2019-015427 // NVD: CVE-2019-20697

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20697
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-20697
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015427
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-30760
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1281
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-20697
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015427
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-30760
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20697
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20697
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.3
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015427
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-30760 // JVNDB: JVNDB-2019-015427 // CNNVD: CNNVD-202004-1281 // NVD: CVE-2019-20697 // NVD: CVE-2019-20697

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-015427 // NVD: CVE-2019-20697

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1281

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1281

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015427

PATCH
title:Security Advisory for Pre-Authentication Stack Overflow on Some Switches, PSV-2019-0066url:https://kb.netgear.com/000061232/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Switches-PSV-2019-0066
Trust: 0.8
title:Patch for Multiple NETGEAR product buffer overflow vulnerabilities (CNVD-2020-30760)url:https://www.cnvd.org.cn/patchInfo/show/219501
Trust: 0.6
title:Multiple NETGEAR Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116552
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-30760 // 
            
            
            
            JVNDB: JVNDB-2019-015427 // 
            
            
            
            CNNVD: CNNVD-202004-1281

EXTERNAL IDS
db:NVDid:CVE-2019-20697
Trust: 3.0
db:JVNDBid:JVNDB-2019-015427
Trust: 0.8
db:CNVDid:CNVD-2020-30760
Trust: 0.6
db:CNNVDid:CNNVD-202004-1281
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-30760 // 
            
            
            
            JVNDB: JVNDB-2019-015427 // 
            
            
            
            CNNVD: CNNVD-202004-1281 // 
            
            
            
            NVD: CVE-2019-20697

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-20697
Trust: 2.0
url:https://kb.netgear.com/000061232/security-advisory-for-pre-authentication-stack-overflow-on-some-switches-psv-2019-0066
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20697
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-30760 // 
            
            
            
            JVNDB: JVNDB-2019-015427 // 
            
            
            
            CNNVD: CNNVD-202004-1281 // 
            
            
            
            NVD: CVE-2019-20697

CREDITS
Asaf Karas
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202004-1281

SOURCES
db:CNVDid:CNVD-2020-30760
db:JVNDBid:JVNDB-2019-015427
db:CNNVDid:CNNVD-202004-1281
db:NVDid:CVE-2019-20697

LAST UPDATE DATE
2024-11-23T22:16:30.901000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-30760date:2020-05-29T00:00:00
db:JVNDBid:JVNDB-2019-015427date:2020-05-19T00:00:00
db:CNNVDid:CNNVD-202004-1281date:2020-04-26T00:00:00
db:NVDid:CVE-2019-20697date:2024-11-21T04:39:06.577

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-30760date:2020-05-29T00:00:00
db:JVNDBid:JVNDB-2019-015427date:2020-05-19T00:00:00
db:CNNVDid:CNNVD-202004-1281date:2020-04-16T00:00:00
db:NVDid:CVE-2019-20697date:2020-04-16T19:15:23.760