CVE-2019-20740

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R7300 before 1.0.0.70, R8300 before 1.0.2.130, and R8500 before 1.0.2.130.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
6.3 MEDIUM
ADJACENT_NETWORK
HIGH
HIGH
CVSS:3.0/AC:H/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:R
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
netgeardgn2200_firmware
𝑥
< 1.0.0.110
netgeardgnd2200b_firmware
𝑥
< 1.0.0.109
netgearr7300_firmware
𝑥
< 1.0.0.70
netgearr8300_firmware
𝑥
< 1.0.2.130
netgearr8500_firmware
𝑥
< 1.0.2.130
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.netgear.com/000060976/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0258
https://kb.netgear.com/000060976/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0258