CVE-2019-20676 — MEDIUM (6.0)

Q: How severe is CVE-2019-20676?

CVE-2019-20676 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-20676?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Fs728Tlp Firmware, Netgear Fs728Tlp, Netgear Gs105E Firmware, Netgear Gs105E, Netgear Gs105Pe Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.

CVSS Score

6.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Netgear	Fs728Tlp Firmware	< 1.0.1.26
Netgear	Fs728Tlp	-
Netgear	Gs105E Firmware	< 1.6.0.4
Netgear	Gs105E	v2
Netgear	Gs105Pe Firmware	< 1.6.0.4
Netgear	Gs105Pe	-
Netgear	Gs108E Firmware	< 2.06.08
Netgear	Gs108E	v3
Netgear	Gs108Pe Firmware	< 2.06.08
Netgear	Gs108Pe	v3
Netgear	Gs110Emx Firmware	< 1.0.1.4
Netgear	Gs110Emx	-
Netgear	Gs116E Firmware	< 2.6.0.35
Netgear	Gs116E	v2
Netgear	Gs408Epp Firmware	< 1.0.0.15
Netgear	Gs408Epp	-
Netgear	Gs724Tp Firmware	< 1.1.1.29
Netgear	Gs724Tp	v2
Netgear	Gs808E Firmware	< 1.7.0.7
Netgear	Gs808E	-

Related Weaknesses (CWE)

CWE-862

References

https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-AcVendor Advisory
https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-AcVendor Advisory

FAQ

What is CVE-2019-20676?

CVE-2019-20676 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, G...

How severe is CVE-2019-20676?

CVE-2019-20676 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-20676?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Fs728Tlp Firmware, Netgear Fs728Tlp, Netgear Gs105E Firmware, Netgear Gs105E, Netgear Gs105Pe Firmware.