Details of VAR-202010-0590

ID

VAR-202010-0590

CVE

CVE-2020-26924

TITLE

plural NETGEAR Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-012279

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13. Both NETGEAR WAC720 and NETGEAR WAC730 are products of NETGEAR. NETGEAR WAC720 is a wireless access point. This device is the access point for users who use wireless devices (mobile devices such as mobile phones and wireless devices such as laptop computers) to enter the wired network. NETGEAR WAC730 is a wireless access point. This device is the access point for users who use wireless devices (mobile devices such as mobile phones and wireless devices such as laptop computers) to enter the wired network. Certain NETGEAR devices WAC720 versions before 3.9.1.13 and WAC730 versions before 3.9.1.13 have security vulnerabilities, which are caused by configuration errors in network systems or products during operation. This affects WAC720 prior to 3.9.1.13 and WAC730 prior to 3.9.1.13

Trust: 2.25

sources: NVD: CVE-2020-26924 // JVNDB: JVNDB-2020-012279 // CNVD: CNVD-2020-58124 // VULMON: CVE-2020-26924

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-58124

AFFECTED PRODUCTS

vendor:	netgear	model:	wac730	scope:	lt	version:	3.9.1.13	Trust: 1.6
vendor:	netgear	model:	wac720	scope:	lt	version:	3.9.1.13	Trust: 1.0
vendor:	ネットギア	model:	wac720	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wac730	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	certain netgear devices wac720	scope:	lt	version:	3.9.1.13	Trust: 0.6

sources: CNVD: CNVD-2020-58124 // JVNDB: JVNDB-2020-012279 // NVD: CVE-2020-26924

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26924
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2020-26924
value:	LOW
Trust: 1.0
NVD:	CVE-2020-26924
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-58124
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202010-356
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-26924
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-26924
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-58124
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-26924
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-26924
baseSeverity:	LOW
baseScore:	3.1
vectorString:	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2020-26924
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-58124 // VULMON: CVE-2020-26924 // JVNDB: JVNDB-2020-012279 // CNNVD: CNNVD-202010-356 // NVD: CVE-2020-26924 // NVD: CVE-2020-26924

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012279 // NVD: CVE-2020-26924

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-356

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202010-356

PATCH

title:	Security Advisory for Sensitive Information Disclosure on Some Wireless Access Points, PSV-2020-0141	url:	https://kb.netgear.com/000062328/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Wireless-Access-Points-PSV-2020-0141	Trust: 0.8
title:	Patch for Certain NETGEAR devices WAC720 information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/237400	Trust: 0.6
title:	Multiple NETGEAR Repair measures for device information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131142	Trust: 0.6

sources: CNVD: CNVD-2020-58124 // JVNDB: JVNDB-2020-012279 // CNNVD: CNNVD-202010-356

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26924	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-012279	Trust: 0.8
db:	CNVD	id:	CNVD-2020-58124	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-356	Trust: 0.6
db:	VULMON	id:	CVE-2020-26924	Trust: 0.1

sources: CNVD: CNVD-2020-58124 // VULMON: CVE-2020-26924 // JVNDB: JVNDB-2020-012279 // CNNVD: CNNVD-202010-356 // NVD: CVE-2020-26924

REFERENCES

url:	https://kb.netgear.com/000062328/security-advisory-for-sensitive-information-disclosure-on-some-wireless-access-points-psv-2020-0141	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26924	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-58124 // VULMON: CVE-2020-26924 // JVNDB: JVNDB-2020-012279 // CNNVD: CNNVD-202010-356 // NVD: CVE-2020-26924

SOURCES

db:	CNVD	id:	CNVD-2020-58124
db:	VULMON	id:	CVE-2020-26924
db:	JVNDB	id:	JVNDB-2020-012279
db:	CNNVD	id:	CNNVD-202010-356
db:	NVD	id:	CVE-2020-26924

LAST UPDATE DATE

2024-11-23T22:51:15.958000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-58124	date:	2020-10-23T00:00:00
db:	VULMON	id:	CVE-2020-26924	date:	2020-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-012279	date:	2021-04-28T07:36:00
db:	CNNVD	id:	CNNVD-202010-356	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-26924	date:	2024-11-21T05:20:30.507

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-58124	date:	2020-10-09T00:00:00
db:	VULMON	id:	CVE-2020-26924	date:	2020-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-012279	date:	2021-04-28T00:00:00
db:	CNNVD	id:	CNNVD-202010-356	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2020-26924	date:	2020-10-09T07:15:18.057