CVE-2019-20680

Published Apr 15, 2020
Last updated 3 years ago
CVSS high 8.0
Overview

Description: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.46, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.32.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 8
Impact score: 5.9
Exploitability score: 2.1
Vector string: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 3.0

Type: Secondary
Base score: 7
Impact score: 5.5
Exploitability score: 1.5
Vector string: CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 5.2
Impact score: 6.4
Exploitability score: 5.1
Vector string: AV:A/AC:L/Au:S/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-77
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71A9577C-914A-4B23-BEF7-03DFBD634F5A",
            "versionEndExcluding": "1.0.0.53"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:d7000:v2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D8780623-F362-4FA5-8B33-37E9CB3FEE12"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "220EBC67-69DA-43D6-8B09-EBEEEF29679D",
            "versionEndExcluding": "1.1.0.80"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16D72B7A-0707-428F-A9AE-5899EBF4BBA0",
            "versionEndExcluding": "1.1.0.64"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD6FD0FE-1431-4E39-8D07-B4AFE5BDB1B6",
            "versionEndExcluding": "1.0.2.6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "21B27F11-4262-4CE1-8107-B365A7C152F2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C39CE79-6433-47E2-A439-9AB1DFBD843C",
            "versionEndExcluding": "1.2.0.36"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E921ACD-4ED9-4FFD-AF96-F2E1D75F8C96",
            "versionEndExcluding": "1.0.2.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "103B19E9-C72D-43C2-8369-1C425E9B9AC7",
            "versionEndExcluding": "1.3.1.64"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB6992BA-B0F5-4E00-84F4-0B0336910AFA",
            "versionEndExcluding": "1.2.0.36"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2464BFFA-401B-48F9-B326-15F306F927FF",
            "versionEndExcluding": "1.0.9.60"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E23D8A41-75D8-4067-A961-3B81276527A8",
            "versionEndExcluding": "1.3.1.64"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52E997BC-B5C7-4FBA-9535-6A0BA398F8C3",
            "versionEndExcluding": "1.0.2.60"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "845CF217-8361-4D5B-811D-B9CEB68880CB",
            "versionEndExcluding": "1.0.3.8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BBB7E16-D31C-49EA-9D82-D3BACED95441",
            "versionEndExcluding": "1.4.1.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35801B9D-59EA-4E23-8460-F2AAD4B4DEB0",
            "versionEndExcluding": "1.0.4.46"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6791754E-E5F9-42EA-AFDA-F93E8227A7C8",
            "versionEndExcluding": "1.4.1.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD0AB065-3152-492B-A66D-2BCCA1E3B1DA",
            "versionEndExcluding": "1.0.2.128"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28EC6190-68BC-4D9A-9973-01935EB3472F",
            "versionEndExcluding": "1.0.2.128"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5AC056A-DF92-4CA7-9919-2C9BDAE3C32D",
            "versionEndExcluding": "1.0.4.12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0F859165-8D89-4CDD-9D48-9C7923D2261F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1F914AD-70DC-47F5-A2F7-672DBE89C62E",
            "versionEndExcluding": "1.0.4.12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26",
            "versionEndExcluding": "2.3.2.32"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A4FB8A1-D380-4234-88EB-91BFF6D215C7",
            "versionEndExcluding": "1.2.0.36"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
