PT-2020-10712 · NetGear · Ex3700+26

Aircut

·

Published

2020-04-16

·

Updated

2020-04-23

·

CVE-2019-20737

CVSS v3.1

6.7

Medium

VectorAV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions D6220 versions prior to 1.0.0.44 D6400 versions prior to 1.0.0.78 D7000v2 versions prior to 1.0.0.51 D8500 versions prior to 1.0.3.42 DGN2200v4 versions prior to 1.0.0.106 DGND2200Bv4 versions prior to 1.0.0.106 EX3700 versions prior to 1.0.0.70 EX3800 versions prior to 1.0.0.70 EX6000 versions prior to 1.0.0.30 EX6100 versions prior to 1.0.2.24 EX6120 versions prior to 1.0.0.40 EX6130 versions prior to 1.0.0.22 EX6150v1 versions prior to 1.0.0.42 EX6200 versions prior to 1.0.3.88 EX7000 versions prior to 1.0.0.66 R6400 versions prior to 1.0.1.42 R6700 versions prior to 1.0.1.46 R6700v3 versions prior to 1.0.2.52 R6900 versions prior to 1.0.1.46 R7000 versions prior to 1.0.9.28 R7900P versions prior to 1.3.0.10 R8000P versions prior to 1.3.0.10 R8300 versions prior to 1.0.2.122 R8500 versions prior to 1.0.2.122 WN2500RPv2 versions prior to 1.0.1.54 WNDR3400v3 versions prior to 1.0.1.24 WNR3500Lv2 versions prior to 1.2.0.54
Description Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.
Recommendations Update D6220 to version 1.0.0.44 or later Update D6400 to version 1.0.0.78 or later Update D7000v2 to version 1.0.0.51 or later Update D8500 to version 1.0.3.42 or later Update DGN2200v4 to version 1.0.0.106 or later Update DGND2200Bv4 to version 1.0.0.106 or later Update EX3700 to version 1.0.0.70 or later Update EX3800 to version 1.0.0.70 or later Update EX6000 to version 1.0.0.30 or later Update EX6100 to version 1.0.2.24 or later Update EX6120 to version 1.0.0.40 or later Update EX6130 to version 1.0.0.22 or later Update EX6150v1 to version 1.0.0.42 or later Update EX6200 to version 1.0.3.88 or later Update EX7000 to version 1.0.0.66 or later Update R6400 to version 1.0.1.42 or later Update R6700 to version 1.0.1.46 or later Update R6700v3 to version 1.0.2.52 or later Update R6900 to version 1.0.1.46 or later Update R7000 to version 1.0.9.28 or later Update R7900P to version 1.3.0.10 or later Update R8000P to version 1.3.0.10 or later Update R8300 to version 1.0.2.122 or later Update R8500 to version 1.0.2.122 or later Update WN2500RPv2 to version 1.0.1.54 or later Update WNDR3400v3 to version 1.0.1.24 or later Update WNR3500Lv2 to version 1.2.0.54 or later

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2019-20737

Affected Products

D6220
D6400
D7000V2
D8500
Dgn2200V4
Dgnd2200Bv4
Ex3700
Ex3800
Ex6000
Ex6100
Ex6120
Ex6130
Ex6150V1
Ex6200
Ex7000
R6400
R6700
R6700V3
R6900
R7000
R7900P
R8000P
R8300
R8500
Wn2500Rpv2
Wndr3400V3
Wnr3500Lv2