var-202004-0891
Vulnerability from variot
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16. NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505 and NETGEAR WAC510 are both wireless access points (AP) of NETGEAR.
There is an injection vulnerability in NETGEAR WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16. The vulnerability stems from the operation process of the user inputting the construction command, data structure or record, the network system or product lacks the correct verification of the user input data, and the special elements are not filtered or properly filtered out. The attacker can use the vulnerability to cause the system Or the product has a wrong interpretation or interpretation method
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0891",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wac505",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "8.2.1.16"
},
{
"model": "wac510",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "8.2.1.16"
},
{
"model": "wac505",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "8.2.1.16"
},
{
"model": "wac510",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "8.2.1.16"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015362"
},
{
"db": "NVD",
"id": "CVE-2019-20651"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:wac505_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:wac510_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015362"
}
]
},
"cve": "CVE-2019-20651",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20651",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015362",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-26957",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2019-20651",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"id": "CVE-2019-20651",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015362",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20651",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-20651",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-015362",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-26957",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1235",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015362"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1235"
},
{
"db": "NVD",
"id": "CVE-2019-20651"
},
{
"db": "NVD",
"id": "CVE-2019-20651"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16. NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR WAC505 and NETGEAR WAC510 are both wireless access points (AP) of NETGEAR. \n\r\n\r\nThere is an injection vulnerability in NETGEAR WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16. The vulnerability stems from the operation process of the user inputting the construction command, data structure or record, the network system or product lacks the correct verification of the user input data, and the special elements are not filtered or properly filtered out. The attacker can use the vulnerability to cause the system Or the product has a wrong interpretation or interpretation method",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20651"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015362"
},
{
"db": "CNVD",
"id": "CNVD-2020-26957"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20651",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015362",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-26957",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1235",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015362"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1235"
},
{
"db": "NVD",
"id": "CVE-2019-20651"
}
]
},
"id": "VAR-202004-0891",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26957"
}
],
"trust": 0.9767737
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26957"
}
]
},
"last_update_date": "2024-11-23T22:21:13.147000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Post-Authentication Command Injection on WAC505 and WAC510, PSV-2019-0176",
"trust": 0.8,
"url": "https://kb.netgear.com/000061491/Security-Advisory-for-Post-Authentication-Command-Injection-on-WAC505-and-WAC510-PSV-2019-0176"
},
{
"title": "Patch for NETGEAR WAC505 and WAC510 command injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/216427"
},
{
"title": "NETGEAR WAC505 and WAC510 Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116534"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015362"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-74",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015362"
},
{
"db": "NVD",
"id": "CVE-2019-20651"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20651"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000061491/security-advisory-for-post-authentication-command-injection-on-wac505-and-wac510-psv-2019-0176"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20651"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-26957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015362"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1235"
},
{
"db": "NVD",
"id": "CVE-2019-20651"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-26957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015362"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1235"
},
{
"db": "NVD",
"id": "CVE-2019-20651"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-26957"
},
{
"date": "2020-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015362"
},
{
"date": "2020-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1235"
},
{
"date": "2020-04-15T19:15:12.643000",
"db": "NVD",
"id": "CVE-2019-20651"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-26957"
},
{
"date": "2020-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015362"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1235"
},
{
"date": "2024-11-21T04:38:58.340000",
"db": "NVD",
"id": "CVE-2019-20651"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1235"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR Injection vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015362"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1235"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.