CVE-2019-20699

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, and GSS108EPP before 1.0.0.15.

Published: Apr 16, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-20699
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
netgear / gs105e_firmware	-	1.6.0.4
netgear / gs105pe_firmware	-	1.6.0.4
netgear / gs408epp_firmware	-	1.0.0.15
netgear / gs808e_firmware	-	1.7.0.7
netgear / gs908e_firmware	-	1.7.0.3
netgear / gss108e_firmware	-	1.6.0.4
netgear / gss108epp_firmware	-	1.0.0.15

https://kb.netgear.com/000061230/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Switches-PSV-2018-0538

Vulnerability Database

290,018

CVE-2019-20699