CVE-2019-20690

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.30, D7000 before 1.0.1.66, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.68, WNR2020 before 1.1.0.54, and WNR614 before 1.1.0.54.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
7.5 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.0/AC:H/AV:A/A:H/C:H/I:H/PR:N/S:U/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
netgeard6200_firmware
𝑥
< 1.1.00.30
netgeard7000_firmware
𝑥
< 1.0.1.66
netgearr6020_firmware
𝑥
< 1.0.0.34
netgearr6080_firmware
𝑥
< 1.0.0.34
netgearr6120_firmware
𝑥
< 1.0.0.44
netgearr6220_firmware
𝑥
< 1.1.0.68
netgearwnr2020_firmware
𝑥
< 1.1.0.54
netgearwnr614_firmware
𝑥
< 1.1.0.54
𝑥
= Vulnerable software versions
References
https://kb.netgear.com/000061449/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2018-0073
https://kb.netgear.com/000061449/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2018-0073