CVE-2019-20640

CWE-787Out-of-bounds Write3 documents3 sources
Severity
8.8HIGH
EPSS
0.7%
top 29.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Netgear D3600 FirmwareNetgear D6000 FirmwareNetgear D6200 Firmware+14 more
Timeline
PublishedApr 15
Latest updateMay 24

Description

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR50

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages17 packages

NVDnetgear/d3600_firmware< 1.0.0.76
NVDnetgear/d6000_firmware< 1.0.0.76
NVDnetgear/d6200_firmware< 1.1.00.32
NVDnetgear/d7000_firmware< 1.0.1.68
NVDnetgear/r6020_firmware< 1.0.0.38

🔴Vulnerability Details

2
GHSA
GHSA-7rh8-44p3-q7vr: Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker2022-05-24
CVEList
CVE-2019-20640: Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker2020-04-15
CVE-2019-20640 (HIGH CVSS 8.8) | Certain NETGEAR devices are affecte | cvebase.io