Sign-up

ID

VAR-202004-0913


CVE

CVE-2019-20679


TITLE

NETGEAR MR1100 Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-015357

DESCRIPTION

NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of access control at the function level. NETGEAR MR1100 The device contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR MR1100 is a wireless router of NETGEAR. NETGEAR MR1100 versions prior to 12.06.08.00 have input validation error vulnerabilities, and no detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2019-20679 // JVNDB: JVNDB-2019-015357 // CNVD: CNVD-2020-24421

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-24421

AFFECTED PRODUCTS

vendor:netgearmodel:mr1100scope:ltversion:12.06.08.00

Trust: 1.6

vendor:netgearmodel:mr 1100scope:eqversion:12.06.08.00

Trust: 0.8

sources: CNVD: CNVD-2020-24421 // JVNDB: JVNDB-2019-015357 // NVD: CVE-2019-20679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20679
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2019-20679
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015357
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-24421
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-1207
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-20679
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015357
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-24421
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20679
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-20679
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-015357
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-24421 // JVNDB: JVNDB-2019-015357 // CNNVD: CNNVD-202004-1207 // NVD: CVE-2019-20679 // NVD: CVE-2019-20679

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-015357 // NVD: CVE-2019-20679

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1207

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1207

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015357

PATCH
title:Security Advisory for Missing Function Level Access Control on MR1100, PSV-2018-0537url:https://kb.netgear.com/000061460/Security-Advisory-for-Missing-Function-Level-Access-Control-on-MR1100-PSV-2018-0537
Trust: 0.8
title:Patch for NETGEAR MR1100 input verification error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/215165
Trust: 0.6
title:NETGEAR MR1100 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116506
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-24421 // 
            
            
            
            JVNDB: JVNDB-2019-015357 // 
            
            
            
            CNNVD: CNNVD-202004-1207

EXTERNAL IDS
db:NVDid:CVE-2019-20679
Trust: 3.0
db:JVNDBid:JVNDB-2019-015357
Trust: 0.8
db:CNVDid:CNVD-2020-24421
Trust: 0.6
db:CNNVDid:CNNVD-202004-1207
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-24421 // 
            
            
            
            JVNDB: JVNDB-2019-015357 // 
            
            
            
            CNNVD: CNNVD-202004-1207 // 
            
            
            
            NVD: CVE-2019-20679

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-20679
Trust: 2.0
url:https://kb.netgear.com/000061460/security-advisory-for-missing-function-level-access-control-on-mr1100-psv-2018-0537
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20679
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-24421 // 
            
            
            
            JVNDB: JVNDB-2019-015357 // 
            
            
            
            CNNVD: CNNVD-202004-1207 // 
            
            
            
            NVD: CVE-2019-20679

SOURCES
db:CNVDid:CNVD-2020-24421
db:JVNDBid:JVNDB-2019-015357
db:CNNVDid:CNNVD-202004-1207
db:NVDid:CVE-2019-20679

LAST UPDATE DATE
2024-11-23T22:41:07.446000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-24421date:2020-04-24T00:00:00
db:JVNDBid:JVNDB-2019-015357date:2020-05-13T00:00:00
db:CNNVDid:CNNVD-202004-1207date:2020-05-06T00:00:00
db:NVDid:CVE-2019-20679date:2024-11-21T04:39:03.673

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-24421date:2020-04-24T00:00:00
db:JVNDBid:JVNDB-2019-015357date:2020-05-13T00:00:00
db:CNNVDid:CNNVD-202004-1207date:2020-04-15T00:00:00
db:NVDid:CVE-2019-20679date:2020-04-15T20:15:14.520