PT-2020-10722 · NetGear · Rbr50+22

Martin Rakhmanov

·

Published

2020-04-16

·

Updated

2020-04-23

·

CVE-2019-20747

CVSS v3.1

6.8

Medium

VectorAC:L/AV:A/A:H/C:H/I:H/PR:H/S:U/UI:N
Name of the Vulnerable Software and Affected Versions NETGEAR D6100 versions 1.0.0.0 through 1.0.0.57 NETGEAR D7800 versions 1.0.0.0 through 1.0.1.39 NETGEAR R7500v2 versions 1.0.0.0 through 1.0.3.33 NETGEAR R7800 versions 1.0.0.0 through 1.0.2.51 NETGEAR R8900 versions 1.0.0.0 through 1.0.4.1 NETGEAR R9000 versions 1.0.0.0 through 1.0.3.15 NETGEAR RAX120 versions 1.0.0.0 through 1.0.0.73 NETGEAR RBK20 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBR20 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBS20 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBK50 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBR50 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBS50 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBK40 versions 2.3.0.0 through 2.3.0.21 NETGEAR RBS40 versions 2.3.0.0 through 2.3.0.21 NETGEAR SRK60 versions 2.2.0.0 through 2.2.0.63 NETGEAR SRR60 versions 2.2.0.0 through 2.2.0.63 NETGEAR SRS60 versions 2.2.0.0 through 2.2.0.63 NETGEAR WNDR3700v4 versions 1.0.0.0 through 1.0.2.101 NETGEAR WNDR4300 versions 1.0.0.0 through 1.0.2.103 NETGEAR WNDR4300v2 versions 1.0.0.0 through 1.0.0.55 NETGEAR WNDR4500v3 versions 1.0.0.0 through 1.0.0.55 NETGEAR WNR2000v5 versions 1.0.0.0 through 1.0.0.65
Description A stack-based buffer overflow issue affects certain NETGEAR devices, allowing an authenticated user to potentially exploit the vulnerability.
Recommendations Update NETGEAR D6100 to version 1.0.0.58 or later. Update NETGEAR D7800 to version 1.0.1.40 or later. Update NETGEAR R7500v2 to version 1.0.3.34 or later. Update NETGEAR R7800 to version 1.0.2.52 or later. Update NETGEAR R8900 to version 1.0.4.2 or later. Update NETGEAR R9000 to version 1.0.3.16 or later. Update NETGEAR RAX120 to version 1.0.0.74 or later. Update NETGEAR RBK20 to version 2.3.0.22 or later. Update NETGEAR RBR20 to version 2.3.0.22 or later. Update NETGEAR RBS20 to version 2.3.0.22 or later. Update NETGEAR RBK50 to version 2.3.0.22 or later. Update NETGEAR RBR50 to version 2.3.0.22 or later. Update NETGEAR RBS50 to version 2.3.0.22 or later. Update NETGEAR RBK40 to version 2.3.0.22 or later. Update NETGEAR RBS40 to version 2.3.0.22 or later. Update NETGEAR SRK60 to version 2.2.0.64 or later. Update NETGEAR SRR60 to version 2.2.0.64 or later. Update NETGEAR SRS60 to version 2.2.0.64 or later. Update NETGEAR WNDR3700v4 to version 1.0.2.102 or later. Update NETGEAR WNDR4300 to version 1.0.2.104 or later. Update NETGEAR WNDR4300v2 to version 1.0.0.56 or later. Update NETGEAR WNDR4500v3 to version 1.0.0.56 or later. Update NETGEAR WNR2000v5 to version 1.0.0.66 or later.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2019-20747

Affected Products

D6100
D7800
R7500V2
R7800
R8900
R9000
Rax120
Rbk20
Rbk40
Rbk50
Rbr20
Rbr50
Rbs20
Rbs40
Rbs50
Srk60
Srr60
Srs60
Wndr3700V4
Wndr4300
Wndr4300V2
Wndr4500V3
Wnr2000V5