PT-2020-10706 · NetGear · Ex3700+29

Aircut

·

Published

2020-04-16

·

Updated

2020-04-22

·

CVE-2019-20731

CVSS v3.1

6.7

Medium

VectorAV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions D6220 versions prior to 1.0.0.40 D6400 versions prior to 1.0.0.74 D7000v2 versions prior to 1.0.0.74 D8500 versions prior to 1.0.3.39 EX3700 versions prior to 1.0.0.70 EX3800 versions prior to 1.0.0.70 EX6000 versions prior to 1.0.0.30 EX6100 versions prior to 1.0.2.22 EX6120 versions prior to 1.0.0.40 EX6130 versions prior to 1.0.0.22 EX6150v1 versions prior to 1.0.0.42 EX6200 versions prior to 1.0.3.88 EX7000 versions prior to 1.0.0.66 R6250 versions prior to 1.0.4.20 R6300v2 versions prior to 1.0.4.18 R6400v2 versions prior to 1.0.2.52 R6700 versions prior to 1.0.1.44 R6900 versions prior to 1.0.1.46 R7000 versions prior to 1.0.9.26 R6900P versions prior to 1.3.0.20 R7000P versions prior to 1.3.0.20 R7100LG versions prior to 1.0.0.34 R7300DST versions prior to 1.0.0.62 R8000 versions prior to 1.0.4.12 R7900P versions prior to 1.3.0.10 R8000P versions prior to 1.3.0.10 R8300 versions prior to 1.0.2.116 R8500 versions prior to 1.0.2.116 WN2500RPv2 versions prior to 1.0.1.54 WNDR3400v3 versions prior to 1.0.1.18
Description The issue is a buffer overflow that can be triggered by an authenticated user. This affects various NETGEAR devices.
Recommendations Update D6220 to version 1.0.0.40 or later Update D6400 to version 1.0.0.74 or later Update D7000v2 to version 1.0.0.74 or later Update D8500 to version 1.0.3.39 or later Update EX3700 to version 1.0.0.70 or later Update EX3800 to version 1.0.0.70 or later Update EX6000 to version 1.0.0.30 or later Update EX6100 to version 1.0.2.22 or later Update EX6120 to version 1.0.0.40 or later Update EX6130 to version 1.0.0.22 or later Update EX6150v1 to version 1.0.0.42 or later Update EX6200 to version 1.0.3.88 or later Update EX7000 to version 1.0.0.66 or later Update R6250 to version 1.0.4.20 or later Update R6300v2 to version 1.0.4.18 or later Update R6400v2 to version 1.0.2.52 or later Update R6700 to version 1.0.1.44 or later Update R6900 to version 1.0.1.46 or later Update R7000 to version 1.0.9.26 or later Update R6900P to version 1.3.0.20 or later Update R7000P to version 1.3.0.20 or later Update R7100LG to version 1.0.0.34 or later Update R7300DST to version 1.0.0.62 or later Update R8000 to version 1.0.4.12 or later Update R7900P to version 1.3.0.10 or later Update R8000P to version 1.3.0.10 or later Update R8300 to version 1.0.2.116 or later Update R8500 to version 1.0.2.116 or later Update WN2500RPv2 to version 1.0.1.54 or later Update WNDR3400v3 to version 1.0.1.18 or later

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2019-20731

Affected Products

D6220
D6400
D7000V2
D8500
Ex3700
Ex3800
Ex6000
Ex6100
Ex6120
Ex6130
Ex6150V1
Ex6200
Ex7000
R6250
R6300V2
R6400V2
R6700
R6900
R6900P
R7000
R7000P
R7100Lg
R7300Dst
R7900P
R8000
R8000P
R8300
R8500
Wn2500Rpv2
Wndr3400V3