CVE-2019-20676

Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:fs728tlp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:fs728tlp:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:gs105e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs105e:v2:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:gs105pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs105pe:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:gs108e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs108e:v3:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:gs108pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs108pe:v3:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:gs110emx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs110emx:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:gs116e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:gs408epp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs408epp:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:gs724tp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs724tp:v2:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:gs808e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs808e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netgear:gs810emx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs810emx:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netgear:gs908e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gs908e:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netgear:gss108e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gss108e:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netgear:gss108epp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gss108epp:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:netgear:gss116e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:gss116e:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jgs524e:v2:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:jgs524pe:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:netgear:xs512em_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xs512em:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:netgear:xs708e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xs708e:v2:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:netgear:xs716e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xs716e:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:netgear:xs724em_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xs724em:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:39

Type Values Removed Values Added
References () https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542 - Vendor Advisory () https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542 - Vendor Advisory

Information

Published : 2020-04-15 20:15

Updated : 2024-11-21 04:39


NVD link : CVE-2019-20676

Mitre link : CVE-2019-20676

CVE.ORG link : CVE-2019-20676


JSON object : View

Products Affected

netgear

  • xs716e_firmware
  • jgs524e
  • xs716e
  • gs810emx_firmware
  • xs724em
  • xs512em_firmware
  • xs708e_firmware
  • jgs524pe
  • gs105e_firmware
  • xs708e
  • gss108e_firmware
  • gs116e
  • xs724em_firmware
  • jgs516pe_firmware
  • gs908e_firmware
  • gs108e_firmware
  • gs108pe_firmware
  • gs908e
  • jgs524pe_firmware
  • fs728tlp
  • jgs516pe
  • gs105pe_firmware
  • gss116e_firmware
  • gs116e_firmware
  • gss116e
  • gss108epp_firmware
  • gs408epp_firmware
  • gs808e
  • gs408epp
  • jgs524e_firmware
  • xs512em
  • gs108pe
  • gs105pe
  • gs110emx_firmware
  • fs728tlp_firmware
  • gs108e
  • gs810emx
  • gs808e_firmware
  • gs110emx
  • gs105e
  • gss108epp
  • gss108e
  • gs724tp
  • gs724tp_firmware
CWE
CWE-862

Missing Authorization