Be in love with vulnerability scanning

Mageni is a powerful and easy vulnerability scanner used by companies of all sizes. You will be in love with Mageni's powerful features, ease of use and price. Free for 7-days then $39 monthly for infinite IPs.

Start now 

No Contracts, Cancel at Anytime and 7-days Money-Back Guarantee.

App screenshot

CVE-2019-20734

CVE information

Published

2 years ago

Last Modified

2 years ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

High

Impact Analysis

Description

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.40, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6300v2 before 1.0.4.18, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6700v3 before 1.0.2.32, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R6900P before 1.0.0.56, R7000P before 1.0.0.56, R7100LG before 1.0.0.42, R7300DST before 1.0.0.54, R7900 before 1.0.1.26, R8300 before 1.0.2.106, R8500 before 1.0.2.106, WN2500RPv2 before 1.0.1.54, and WNR3500Lv2 before 1.2.0.46. NOTE: this may be a result of an incomplete fix for CVE-2017-18864..

CVSSv2.0 Score

Severity
Medium
Base Score
5.8/10
Exploit Score
6.5/10
Access Vector
Adjacent_network
Access Complexity
Low
Authentication Required
None
Impact Score
6.4/10
Confidentiality Impact
Partial
Availability Impact
Partial
Integrity Impact
Partial

CVSSv3.1 Score

Severity
High
Base Score
8.8/10
Exploit Score
2.8/10
Access Vector
Adjacent_network
Access Complexity
Low
Privileges Required
None
Impact Score
5.9/10
Confidentiality Impact
High
Availability Impact
High
Integrity Impact
High
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.0.40
cpe:2.3:h:netgear:d6220:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.3.39
cpe:2.3:h:netgear:d8500:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.0.70
cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.0.70
cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:ex6000_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.0.30
cpe:2.3:h:netgear:ex6000:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.2.22
cpe:2.3:h:netgear:ex6100:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.0.40
cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.0.22
cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.0.42
cpe:2.3:h:netgear:ex6150:v1:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.3.88
cpe:2.3:h:netgear:ex6200:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.0.66
cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.4.18
cpe:2.3:h:netgear:r6300:v2:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.1.24
cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.2.32
cpe:2.3:h:netgear:r6400:v2:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.1.22
cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.2.32
cpe:2.3:h:netgear:r6700:v3:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.1.22
cpe:2.3:h:netgear:r6900:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.9.6
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.0.56
cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.0.56
cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.0.42
cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.0.54
cpe:2.3:h:netgear:r7300dst:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.1.26
cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.2.106
cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.2.106
cpe:2.3:h:netgear:r8500:-:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:wn2500rp_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.1.54
cpe:2.3:h:netgear:wn2500rp:v2:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.2.0.46
cpe:2.3:h:netgear:wnr3500l:v2:*:*:*:*:*:*:*
  No
-

Every 11 seconds there is a ransomware attack.

Mageni can help you manage this threat by understanding your vulnerabilities and prioritizing the remediation.

Sign up for free