Vulnerability Description
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | XR500 Firmware | < 2.3.2.32 |
| Netgear | XR500 | - |
| Netgear | D3600 Firmware | < 1.0.0.76 |
| Netgear | D3600 | - |
| Netgear | D6000 Firmware | < 1.0.0.76 |
| Netgear | D6000 | - |
Related Weaknesses (CWE)
References
- https://kb.netgear.com/000061220/Security-Advisory-for-Post-Authentication-Comma (Vendor Advisory)
FAQ
What is CVE-2019-20709?
CVE-2019-20709 is a vulnerability with a CVSS score of 8.0 (HIGH). Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
How severe is CVE-2019-20709?
CVE-2019-20709 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-20709?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear XR500 Firmware, Netgear XR500, Netgear D3600 Firmware, Netgear D3600, Netgear D6000 Firmware.