CVE-2019-20676

EPSS 0.1%
Veröffentlicht 15.04.2020 20:15:14
Zuletzt bearbeitet 21.11.2024 04:39:03
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ Fs728tlp Firmware Version < 1.0.1.26

Netgear ≫ Fs728tlp Version-

Netgear ≫ Gs105e Firmware Version < 1.6.0.4

Netgear ≫ Gs105e Versionv2

Netgear ≫ Gs105pe Firmware Version < 1.6.0.4

Netgear ≫ Gs105pe Version-

Netgear ≫ Gs108e Firmware Version < 2.06.08

Netgear ≫ Gs108e Versionv3

Netgear ≫ Gs108pe Firmware Version < 2.06.08

Netgear ≫ Gs108pe Versionv3

Netgear ≫ Gs110emx Firmware Version < 1.0.1.4

Netgear ≫ Gs110emx Version-

Netgear ≫ Gs116e Firmware Version < 2.6.0.35

Netgear ≫ Gs116e Versionv2

Netgear ≫ Gs408epp Firmware Version < 1.0.0.15

Netgear ≫ Gs408epp Version-

Netgear ≫ Gs724tp Firmware Version < 1.1.1.29

Netgear ≫ Gs724tp Versionv2

Netgear ≫ Gs808e Firmware Version < 1.7.0.7

Netgear ≫ Gs808e Version-

Netgear ≫ Gs810emx Firmware Version < 1.7.1.1

Netgear ≫ Gs810emx Version-

Netgear ≫ Gs908e Firmware Version < 1.7.0.3

Netgear ≫ Gs908e Version-

Netgear ≫ Gss108e Firmware Version < 1.6.0.4

Netgear ≫ Gss108e Version-

Netgear ≫ Gss108epp Firmware Version < 1.0.0.15

Netgear ≫ Gss108epp Version-

Netgear ≫ Gss116e Firmware Version < 1.6.0.9

Netgear ≫ Gss116e Version-

Netgear ≫ Jgs516pe Firmware Version < 2.6.0.35

Netgear ≫ Jgs516pe Version-

Netgear ≫ Jgs524e Firmware Version < 2.6.0.35

Netgear ≫ Jgs524e Versionv2

Netgear ≫ Jgs524pe Firmware Version < 2.6.0.35

Netgear ≫ Jgs524pe Version-

Netgear ≫ Xs512em Firmware Version < 1.0.1.1

Netgear ≫ Xs512em Version-

Netgear ≫ Xs708e Firmware Version < 1.6.0.23

Netgear ≫ Xs708e Versionv2

Netgear ≫ Xs716e Firmware Version < 1.6.0.23

Netgear ≫ Xs716e Version-

Netgear ≫ Xs724em Firmware Version < 1.0.1.1

Netgear ≫ Xs724em Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.287

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:P/I:P/A:N
cve@mitre.org	6	0.8	5.2	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-20676

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-20676

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-20676

EUVD