CVE-2019-20697

Published Apr 16, 2020

Last updated 5 years ago

CVSS high 8.8

Overview

Description: Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS750E before 1.0.1.4, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 8.8
Impact score: 5.3
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 6.4
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs728tpp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C2653FD-09E5-4538-981C-B0DB9D8F0CE8",
            "versionEndExcluding": "6.0.0.48"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs728tpp:v2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FC4DE9FB-CAD5-45F9-A11C-1C20EE2FF3A1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs728tp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE90F6B4-5E72-4EC9-97E3-59D265B0A228",
            "versionEndExcluding": "6.0.0.48"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs728tp:v2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7126D4F8-2E3C-478B-9BD2-8055DFB48D8D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs750e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "280C5BF4-B929-4853-B991-4E83A92C1E17",
            "versionEndExcluding": "1.0.1.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs750e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A56285CF-1BD8-4BB5-AC9C-9EDDFCFC9E5C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs752tpp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B097324-51FF-4ACB-A53B-B88B16AD4F61",
            "versionEndExcluding": "6.0.0.48"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs752tpp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "995D8E9F-7AE6-4A17-A728-7190FB2CE8BC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs752tp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87CD1D35-E150-44B0-9565-353ACC1BA92B",
            "versionEndExcluding": "6.0.0.48"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs752tp:v2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CDD4D404-9A22-408B-89CF-5107B809CB90"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References