CVE-2019-20656 : Certain NETGEAR devices are affected by a hardcoded password. This affects D6200

Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62.

Published 2020-04-15 19:15:13

Updated 2020-04-22 14:11:13

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-20656

Netgear » R6700 Firmware
Versions before (<) 1.2.0.62
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6700 » Version: V2
Netgear » R6900 Firmware
Versions before (<) 1.2.0.62
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6900 » Version: V2
Netgear » D6200 Firmware
Versions before (<) 1.1.00.36
cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D6200 » Version: N/A
Netgear » Jr6150 Firmware
Versions before (<) 1.0.1.24
cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Jr6150 » Version: N/A
Netgear » R6050 Firmware
Versions before (<) 1.0.1.24
cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6050 » Version: N/A
Netgear » R6220 Firmware
Versions before (<) 1.1.0.86
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6220 » Version: N/A
Netgear » Wnr2020 Firmware
Versions before (<) 1.1.0.62
cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Wnr2020 » Version: N/A
Netgear » D7000 Firmware
Versions before (<) 1.0.1.74
cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D7000 » Version: N/A
Netgear » Pr2000 Firmware
Versions before (<) 1.0.0.30
cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Pr2000 » Version: N/A
Netgear » R6020 Firmware
Versions before (<) 1.0.0.42
cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6020 » Version: N/A
Netgear » R6080 Firmware
Versions before (<) 1.0.0.42
cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6080 » Version: N/A
Netgear » R6120 Firmware
Versions before (<) 1.0.0.48
cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6120 » Version: N/A
Netgear » R6800 Firmware
Versions before (<) 1.2.0.62
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6800 » Version: N/A
Netgear » R6230 Firmware
Versions before (<) 1.1.0.86
cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6230 » Version: N/A
Netgear » R6260 Firmware
Versions before (<) 1.1.0.64
cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6260 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-20656

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-20656

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:A/AC:L/Au:N/C:P/I:N/A:N	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
6.4	MEDIUM	CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N	1.2	5.2	MITRE
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None
8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-20656

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-20656

https://kb.netgear.com/000061483/Security-Advisory-for-Hardcoded-Password-on-Some-Routers-and-Gateways-PSV-2018-0623

Security Advisory for Hardcoded Password on Some Routers and Gateways, PSV-2018-0623 | Answer | NETGEAR Support
Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-20656

Products affected by CVE-2019-20656

Exploit prediction scoring system (EPSS) score for CVE-2019-20656

CVSS scores for CVE-2019-20656

CWE ids for CVE-2019-20656

References for CVE-2019-20656