Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-20659

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10.

Published

2020-04-15T19:15:13.300

Last Modified

2024-11-21T04:38:59.560

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-77
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear r6400_firmware < 1.0.4.84 Yes
Hardware netgear r6400 v2 No
Operating System netgear r6700_firmware < 1.0.2.8 Yes
Hardware netgear r6700 - No
Operating System netgear r6700_firmware < 1.0.4.84 Yes
Hardware netgear r6700 v3 No
Operating System netgear r6900_firmware < 1.0.2.8 Yes
Hardware netgear r6900 - No
Operating System netgear r7900_firmware < 1.0.3.10 Yes
Hardware netgear r7900 - No
References