CVE-2019-20709

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
8.0HIGH
EPSS
0.3%
top 46.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Netgear D3600 FirmwareNetgear D6000 FirmwareNetgear Xr500 Firmware
Timeline
PublishedApr 16
Latest updateMay 24

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages3 packages

NVDnetgear/d3600_firmware< 1.0.0.76
NVDnetgear/d6000_firmware< 1.0.0.76
NVDnetgear/xr500_firmware< 2.3.2.32

🔴Vulnerability Details

2
GHSA
GHSA-8r2m-h4m5-j4ch: Certain NETGEAR devices are affected by command injection by an authenticated user2022-05-24
CVEList
CVE-2019-20709: Certain NETGEAR devices are affected by command injection by an authenticated user2020-04-16
CVE-2019-20709 (HIGH CVSS 8) | Certain NETGEAR devices are affecte | cvebase.io