Lucene search

MitreCVE-2019-20756

HistoryApr 16, 2020 - 10:15 p.m.

CVE-2019-20756

2020-04-1622:15:12

CWE-79

mitre

web.nvd.nist.gov

netgear

reflected xss

cve-2019-20756

security vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

Certain NETGEAR devices are affected by reflected XSS. This affects EX7000 before 1.0.0.64, EX6200 before 1.0.3.86, EX6150 before 1.0.0.38, EX6130 before 1.0.0.22, EX6120 before 1.0.0.40, EX6100 before 1.0.2.22, EX6000 before 1.0.0.30, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, R8300 before 1.0.2.94, R7300DST before 1.0.0.62, R7000P before 1.3.0.20, R6900P before 1.3.0.20, R6400 before 1.0.1.32, R6300v2 before 1.0.4.24, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.18, and WN2500RPv2 before 1.0.1.52.

Affected configurations

Nvd

Node

netgearex7000_firmwareRange<1.0.0.64

AND

netgearex7000Match-

Node

netgearex6200_firmwareRange<1.0.3.86

AND

netgearex6200Match-

Node

netgearex6150_firmwareRange<1.0.0.38

AND

netgearex6150Match-

Node

netgearex6130_firmwareRange<1.0.0.22

AND

netgearex6130Match-

Node

netgearex6120_firmwareRange<1.0.0.40

AND

netgearex6120Match-

Node

netgearex6100_firmwareRange<1.0.2.22

AND

netgearex6100Match-

Node

netgearex6000_firmwareRange<1.0.0.30

AND

netgearex6000Match-

Node

netgearex3700_firmwareRange<1.0.0.70

AND

netgearex3700Match-

Node

netgearex3800_firmwareRange<1.0.0.70

AND

netgearex3800Match-

Node

netgearr8300_firmwareRange<1.0.2.94

AND

netgearr8300Match-

Node

netgearr7300dst_firmwareRange<1.0.0.62

AND

netgearr7300dstMatch-

Node

netgearr7000p_firmwareRange<1.3.0.20

AND

netgearr7000pMatch-

Node

netgearr6900p_firmwareRange<1.3.0.20

AND

netgearr6900pMatch-

Node

netgearr6400_firmwareRange<1.0.1.32

AND

netgearr6400Match-

Node

netgearr6300_firmwareRange<1.0.4.24

AND

netgearr6300Matchv2

Node

netgearr8500_firmwareRange<1.0.2.94

AND

netgearr8500Match-

Node

netgearwndr3400_firmwareRange<1.0.1.18

AND

netgearwndr3400Matchv3

Node

netgearwn2500rp_firmwareRange<1.0.1.52

AND

netgearwn2500rpMatchv2

VendorProductVersionCPE
netgearex7000_firmware*cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*
netgearex7000-cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*
netgearex6200_firmware*cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*
netgearex6200-cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*
netgearex6150_firmware*cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*
netgearex6150-cpe:2.3:h:netgear:ex6150:-:*:*:*:*:*:*:*
netgearex6130_firmware*cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*
netgearex6130-cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*
netgearex6120_firmware*cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*
netgearex6120-cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	ex7000_firmware	*	cpe:2.3:o:netgear:ex7000_firmware::::::::
netgear	ex7000	-	cpe:2.3:h:netgear:ex7000:-:::::::*
netgear	ex6200_firmware	*	cpe:2.3:o:netgear:ex6200_firmware::::::::
netgear	ex6200	-	cpe:2.3:h:netgear:ex6200:-:::::::*
netgear	ex6150_firmware	*	cpe:2.3:o:netgear:ex6150_firmware::::::::
netgear	ex6150	-	cpe:2.3:h:netgear:ex6150:-:::::::*
netgear	ex6130_firmware	*	cpe:2.3:o:netgear:ex6130_firmware::::::::
netgear	ex6130	-	cpe:2.3:h:netgear:ex6130:-:::::::*
netgear	ex6120_firmware	*	cpe:2.3:o:netgear:ex6120_firmware::::::::
netgear	ex6120	-	cpe:2.3:h:netgear:ex6120:-:::::::*

Rows per page:

1-10 of 361

References

kb.netgear.com/000060643/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-0709

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

Related for CVE-2019-20756