CVE-2019-20740

EUVD-2019-11279
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R7300 before 1.0.0.70, R8300 before 1.0.2.130, and R8500 before 1.0.2.130.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
6.3 MEDIUM
ADJACENT_NETWORK
HIGH
HIGH
CVSS:3.0/AC:H/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
netgeardgn2200_firmware
𝑥
< 1.0.0.110
netgeardgnd2200b_firmware
𝑥
< 1.0.0.109
netgearr7300_firmware
𝑥
< 1.0.0.70
netgearr8300_firmware
𝑥
< 1.0.2.130
netgearr8500_firmware
𝑥
< 1.0.2.130
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.netgear.com/000060976/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0258
https://kb.netgear.com/000060976/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0258