Strix
26.1K

CVE-2019-20676

MEDIUMCVSS 6/10EPSS 0.30%

Last modified

CVE-2019-20676 is a medium-severity vulnerability rated 6/10 on the CVSS scale. Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.. EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.

Metrics

CVSS 3.1
6/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS Probability
0.30%

21.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
NetgearFs728tlp Firmware< 1.0.1.26
NetgearGs105e Firmware< 1.6.0.4
NetgearGs105pe Firmware< 1.6.0.4
NetgearGs108e Firmware< 2.06.08
NetgearGs108pe Firmware< 2.06.08
NetgearGs110emx Firmware< 1.0.1.4
NetgearGs116e Firmware< 2.6.0.35
NetgearGs408epp Firmware< 1.0.0.15
NetgearGs724tp Firmware< 1.1.1.29
NetgearGs808e Firmware< 1.7.0.7
NetgearGs810emx Firmware< 1.7.1.1
NetgearGs908e Firmware< 1.7.0.3
NetgearGss108e Firmware< 1.6.0.4
NetgearGss108epp Firmware< 1.0.0.15
NetgearGss116e Firmware< 1.6.0.9
NetgearJgs516pe Firmware< 2.6.0.35
NetgearJgs524e Firmware< 2.6.0.35
NetgearJgs524pe Firmware< 2.6.0.35
NetgearXs512em Firmware< 1.0.1.1
NetgearXs708e Firmware< 1.6.0.23
NetgearXs716e Firmware< 1.6.0.23
NetgearXs724em Firmware< 1.0.1.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-20676?
Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.
How severe is CVE-2019-20676?
CVE-2019-20676 has a CVSS score of 6/10 (MEDIUM severity). The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.
How do I fix CVE-2019-20676?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-20676?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST