Vulnerabilities > CVE-2019-20716 - Out-of-bounds Write vulnerability in Netgear Dgn2200 Firmware and Dgnd2200B Firmware

CVSS 6.8 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

netgear

CWE-787

NVD

Published: 2020-04-16

Updated: 2020-04-22

Summary

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v4 before 1.0.0.110 and DGND2200Bv4 before 1.0.0.109.

Vulnerable Configurations

Part	Description	Count
OS	Netgear Netgear Dgn2200 Firmware - Netgear Dgn2200 Firmware 1.0.0.50_7.0.50 Netgear Dgn2200 Firmware 1.0.0.55 Netgear Dgn2200 Firmware 1.0.0.58 Netgear Dgn2200 Firmware 1.0.0.60 Netgear Dgn2200 Firmware 1.0.0.82 Netgear Dgn2200 Firmware 1.0.0.86 Netgear Dgn2200 Firmware 1.0.0.94 Netgear Dgn2200 Firmware 1.0.0.96 Netgear Dgn2200 Firmware 1.0.0.102 Netgear Dgn2200 Firmware 1.0.0.106 Netgear Dgn2200 Firmware 1.0.0.108 Netgear Dgnd2200B Firmware 1.0.0.86 Netgear Dgnd2200B Firmware 1.0.0.102 Netgear Dgnd2200B Firmware 1.0.0.106 Netgear Dgnd2200B Firmware 1.0.0.108	16
Hardware	Netgear Netgear Dgn2200 V4 Netgear Dgnd2200B V4	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://kb.netgear.com/000061212/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-DGN2200v4-and-DGND2200Bv4-PSV-2018-0241