1. Home
  2. CVE Database
  3. CVE-2019-20724
MEDIUM · 6.8

CVE-2019-20724

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 bef...

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
NetgearD3600 Firmware< 1.0.0.75
NetgearD3600-
NetgearD6000 Firmware< 1.0.0.75
NetgearD6000-
NetgearD6100 Firmware< 1.0.0.63
NetgearD6100-
NetgearR7500 Firmware< 1.0.3.38
NetgearR7500v2
NetgearR7800 Firmware< 1.0.2.52
NetgearR7800-
NetgearR8900 Firmware< 1.0.4.2
NetgearR8900-
NetgearR9000 Firmware< 1.0.4.2
NetgearR9000-
NetgearRbk20 Firmware< 2.3.0.28
NetgearRbk20-
NetgearRbr20 Firmware< 2.3.0.28
NetgearRbr20-
NetgearRbs20 Firmware< 2.3.0.28
NetgearRbs20-

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2019-20724?

CVE-2019-20724 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 bef...

How severe is CVE-2019-20724?

CVE-2019-20724 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-20724?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear D3600 Firmware, Netgear D3600, Netgear D6000 Firmware, Netgear D6000, Netgear D6100 Firmware.