CVE-2019-20699

CRITICAL

9.8

Description

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, and GSS108EPP before 1.0.0.15.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published4/16/2020

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

netgear:gs105enetgear:gs105e_firmwarenetgear:gs105penetgear:gs105pe_firmwarenetgear:gs408eppnetgear:gs408epp_firmwarenetgear:gs808enetgear:gs808e_firmwarenetgear:gs908enetgear:gs908e_firmwarenetgear:gss108enetgear:gss108e_firmwarenetgear:gss108eppnetgear:gss108epp_firmware

Weaknesses (CWE)

CWE-120

References

https://kb.netgear.com/000061230/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Switches-PSV-2018-0538(cve@mitre.org)

https://kb.netgear.com/000061230/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Switches-PSV-2018-0538(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.