{ "id": "CVE-2019-20680", "sourceIdentifier": "cve@mitre.org", "published": "2020-04-15T20:15:14.583", "lastModified": "2021-07-21T11:39:23.747", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.46, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.32." }, { "lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una inyecci\u00f3n de comandos por parte de un usuario autenticado. Esto afecta a D7000v2 versiones anteriores a 1.0.0.53, R6220 versiones anteriores a 1.1.0.80, R6260 versiones anteriores a 1.1.0.64, R6700 versiones anteriores a 1.0.2.6, R6700v2 versiones anteriores a 1.2.0.36, R6800 versiones anteriores a 1.2.0.36, R6900 versiones anteriores a 1.0.2.4, R6900P versiones anteriores a 1.3.1.64, R6900v2 versiones anteriores a 1.2.0.36, R7000 versiones anteriores a 1.0.9.60, R7000P versiones anteriores a 1.3.1.64, R7800 versiones anteriores a 1.0.2.60, R7900 versiones anteriores a 1.0.3.8, R7900P versiones anteriores a 1.4.1.30, R8000 versiones anteriores a 1.0.4.46, R8000P versiones anteriores a 1.4.1.30, R8300 versiones anteriores a 1.0.2.128, R8500 versiones anteriores a 1.0.2.128, R8900 versiones anteriores a 1.0.4.12, R9000 versiones anteriores a 1.0.4.12 y XR500 versiones anteriores a 2.3.2.32." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.1, "impactScore": 5.9 } ], "cvssMetricV30": [ { "source": "cve@mitre.org", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.5, "impactScore": 5.5 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "accessVector": "ADJACENT_NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 5.2 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 5.1, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-77" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.0.53", "matchCriteriaId": "71A9577C-914A-4B23-BEF7-03DFBD634F5A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:d7000:v2:*:*:*:*:*:*:*", "matchCriteriaId": "D8780623-F362-4FA5-8B33-37E9CB3FEE12" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.1.0.80", "matchCriteriaId": "220EBC67-69DA-43D6-8B09-EBEEEF29679D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", "matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.1.0.64", "matchCriteriaId": "16D72B7A-0707-428F-A9AE-5899EBF4BBA0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.2.6", "matchCriteriaId": "AD6FD0FE-1431-4E39-8D07-B4AFE5BDB1B6" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "21B27F11-4262-4CE1-8107-B365A7C152F2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.2.0.36", "matchCriteriaId": "3C39CE79-6433-47E2-A439-9AB1DFBD843C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*", "matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.2.4", "matchCriteriaId": "3E921ACD-4ED9-4FFD-AF96-F2E1D75F8C96" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*", "matchCriteriaId": "0794BB7C-1BCF-4F08-8EB2-9C3B150C105A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.3.1.64", "matchCriteriaId": "103B19E9-C72D-43C2-8369-1C425E9B9AC7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "C41908FF-AE64-4949-80E3-BEE061B2DA8A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.2.0.36", "matchCriteriaId": "DB6992BA-B0F5-4E00-84F4-0B0336910AFA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*", "matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.9.60", "matchCriteriaId": "2464BFFA-401B-48F9-B326-15F306F927FF" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.3.1.64", "matchCriteriaId": "E23D8A41-75D8-4067-A961-3B81276527A8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFE55F4D-E98B-46D3-B870-041141934CD1" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.2.60", "matchCriteriaId": "52E997BC-B5C7-4FBA-9535-6A0BA398F8C3" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*", "matchCriteriaId": "17CF7445-6950-45FE-9D1A-E23F63316329" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.3.8", "matchCriteriaId": "845CF217-8361-4D5B-811D-B9CEB68880CB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*", "matchCriteriaId": "C484840F-AF30-4B5C-821A-4DB9BE407BDB" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.4.1.30", "matchCriteriaId": "8BBB7E16-D31C-49EA-9D82-D3BACED95441" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D6A70D-66AF-4064-9F1B-4358D4B1F016" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.4.46", "matchCriteriaId": "35801B9D-59EA-4E23-8460-F2AAD4B4DEB0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B39F095-8FE8-43FD-A866-7B613B495984" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.4.1.30", "matchCriteriaId": "6791754E-E5F9-42EA-AFDA-F93E8227A7C8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7EF872D-2537-4FEB-8799-499FC9D44339" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.2.128", "matchCriteriaId": "FD0AB065-3152-492B-A66D-2BCCA1E3B1DA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A9B77E7-7439-48C6-989F-5E22CB4D3044" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.2.128", "matchCriteriaId": "28EC6190-68BC-4D9A-9973-01935EB3472F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*", "matchCriteriaId": "63500DE4-BDBD-4F86-AB99-7DB084D0B912" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.4.12", "matchCriteriaId": "E5AC056A-DF92-4CA7-9919-2C9BDAE3C32D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F859165-8D89-4CDD-9D48-9C7923D2261F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.4.12", "matchCriteriaId": "F1F914AD-70DC-47F5-A2F7-672DBE89C62E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.3.2.32", "matchCriteriaId": "29216B3A-9A3B-4752-99C2-4A9CFA8E5E26" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.2.0.36", "matchCriteriaId": "4A4FB8A1-D380-4234-88EB-91BFF6D215C7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*", "matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860" } ] } ] } ], "references": [ { "url": "https://kb.netgear.com/000061459/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0388", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] } ] }