Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-20691

Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54.

Published

2020-04-16T19:15:23.447

Last Modified

2024-11-21T04:39:05.687

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-352
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear d3600_firmware < 1.0.0.72 Yes
Hardware netgear d3600 - No
Operating System netgear d6000_firmware < 1.0.0.72 Yes
Hardware netgear d6000 - No
Operating System netgear ex3700_firmware < 1.0.0.70 Yes
Hardware netgear ex3700 - No
Operating System netgear ex3800_firmware < 1.0.0.70 Yes
Hardware netgear ex3800 - No
Operating System netgear ex6000_firmware < 1.0.0.30 Yes
Hardware netgear ex6000 - No
Operating System netgear ex6100_firmware < 1.0.2.24 Yes
Hardware netgear ex6100 - No
Operating System netgear ex6120_firmware < 1.0.0.40 Yes
Hardware netgear ex6120 - No
Operating System netgear ex6130_firmware < 1.0.0.22 Yes
Hardware netgear ex6130 - No
Operating System netgear ex6150_firmware < 1.0.0.42 Yes
Hardware netgear ex6150 v1 No
Operating System netgear ex6200_firmware < 1.0.3.88 Yes
Hardware netgear ex6200 - No
Operating System netgear ex7000_firmware < 1.0.0.66 Yes
Hardware netgear ex7000 - No
Operating System netgear wn2500rp_firmware < 1.0.1.54 Yes
Hardware netgear wn2500rp v2 No
References