PT-2020-10655 · NetGear · Xr500+20

Published

2020-04-15

·

Updated

2021-07-21

·

CVE-2019-20680

CVSS v3.1

8.0

High

VectorAV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions NETGEAR D7000v2 versions prior to 1.0.0.53 NETGEAR R6220 versions prior to 1.1.0.80 NETGEAR R6260 versions prior to 1.1.0.64 NETGEAR R6700 versions prior to 1.0.2.6 NETGEAR R6700v2 versions prior to 1.2.0.36 NETGEAR R6800 versions prior to 1.2.0.36 NETGEAR R6900 versions prior to 1.0.2.4 NETGEAR R6900P versions prior to 1.3.1.64 NETGEAR R6900v2 versions prior to 1.2.0.36 NETGEAR R7000 versions prior to 1.0.9.60 NETGEAR R7000P versions prior to 1.3.1.64 NETGEAR R7800 versions prior to 1.0.2.60 NETGEAR R7900 versions prior to 1.0.3.8 NETGEAR R7900P versions prior to 1.4.1.30 NETGEAR R8000 versions prior to 1.0.4.46 NETGEAR R8000P versions prior to 1.4.1.30 NETGEAR R8300 versions prior to 1.0.2.128 NETGEAR R8500 versions prior to 1.0.2.128 NETGEAR R8900 versions prior to 1.0.4.12 NETGEAR R9000 versions prior to 1.0.4.12 NETGEAR XR500 versions prior to 2.3.2.32
Description The issue affects certain NETGEAR devices, allowing command injection by an authenticated user.
Recommendations Update NETGEAR D7000v2 to version 1.0.0.53 or later. Update NETGEAR R6220 to version 1.1.0.80 or later. Update NETGEAR R6260 to version 1.1.0.64 or later. Update NETGEAR R6700 to version 1.0.2.6 or later. Update NETGEAR R6700v2 to version 1.2.0.36 or later. Update NETGEAR R6800 to version 1.2.0.36 or later. Update NETGEAR R6900 to version 1.0.2.4 or later. Update NETGEAR R6900P to version 1.3.1.64 or later. Update NETGEAR R6900v2 to version 1.2.0.36 or later. Update NETGEAR R7000 to version 1.0.9.60 or later. Update NETGEAR R7000P to version 1.3.1.64 or later. Update NETGEAR R7800 to version 1.0.2.60 or later. Update NETGEAR R7900 to version 1.0.3.8 or later. Update NETGEAR R7900P to version 1.4.1.30 or later. Update NETGEAR R8000 to version 1.0.4.46 or later. Update NETGEAR R8000P to version 1.4.1.30 or later. Update NETGEAR R8300 to version 1.0.2.128 or later. Update NETGEAR R8500 to version 1.0.2.128 or later. Update NETGEAR R8900 to version 1.0.4.12 or later. Update NETGEAR R9000 to version 1.0.4.12 or later. Update NETGEAR XR500 to version 2.3.2.32 or later.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2019-20680

Affected Products

D7000V2
R6220
R6260
R6700
R6700V2
R6800
R6900
R6900P
R6900V2
R7000
R7000P
R7800
R7900
R7900P
R8000
R8000P
R8300
R8500
R8900
R9000
Xr500