1. Home
  2. CVE Database
  3. CVE-2019-20699
CRITICAL · 9.8

CVE-2019-20699

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7,...

Vulnerability Description

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, and GSS108EPP before 1.0.0.15.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
NetgearGs105E Firmware< 1.6.0.4
NetgearGs105Ev2
NetgearGs105Pe Firmware< 1.6.0.4
NetgearGs105Pe-
NetgearGs408Epp Firmware< 1.0.0.15
NetgearGs408Epp-
NetgearGs808E Firmware< 1.7.0.7
NetgearGs808E-
NetgearGs908E Firmware< 1.7.0.3
NetgearGs908E-
NetgearGss108E Firmware< 1.6.0.4
NetgearGss108E-
NetgearGss108Epp Firmware< 1.0.0.15
NetgearGss108Epp-

Related Weaknesses (CWE)

CWE-120

References

FAQ

What is CVE-2019-20699?

CVE-2019-20699 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7,...

How severe is CVE-2019-20699?

CVE-2019-20699 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-20699?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Gs105E Firmware, Netgear Gs105E, Netgear Gs105Pe Firmware, Netgear Gs105Pe, Netgear Gs408Epp Firmware.