Vulnerabilities > CVE-2019-20697 - Out-of-bounds Write vulnerability in Netgear products

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

netgear

CWE-787

NVD

Published: 2020-04-16

Updated: 2020-04-22

Summary

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects GS728TPPv2 before 6.0.0.48, GS728TPv2 before 6.0.0.48, GS750E before 1.0.1.4, GS752TPP before 6.0.0.48, and GS752TPv2 before 6.0.0.48.

Vulnerable Configurations

Part	Description	Count
OS	Netgear Netgear Gs728Tpp Firmware * Netgear Gs728Tp Firmware * Netgear Gs750E Firmware * Netgear Gs752Tpp Firmware * Netgear Gs752Tp Firmware *	5
Hardware	Netgear Netgear Gs728Tpp V2 Netgear Gs728Tp V2 Netgear Gs750E - Netgear Gs752Tpp - Netgear Gs752Tp V2	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://kb.netgear.com/000061232/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Switches-PSV-2019-0066