CVE-2019-20676
First published: Wed Apr 15 2020(Updated: )
Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear FS728TLP Firmware | <1.0.1.26 | |
| Netgear FS728TL-POE | ||
| Netgear GS105E Firmware | <1.6.0.4 | |
| Netgear GS105E Firmware | =v2 | |
| Netgear GS105PE | <1.6.0.4 | |
| Netgear GS105PE Firmware | ||
| Netgear GS108E Firmware | <2.06.08 | |
| Netgear GS108E Firmware | =v3 | |
| Netgear GS108PE Firmware | <2.06.08 | |
| Netgear GS108PE Firmware | =v3 | |
| Netgear GS110EMX Firmware | <1.0.1.4 | |
| Netgear GS110EMX Firmware | ||
| Netgear GS116E Firmware | <2.6.0.35 | |
| Netgear GS116E | =v2 | |
| Netgear GS408EPP Firmware | <1.0.0.15 | |
| Netgear GS408EPP Firmware | ||
| Netgear GS724TP | <1.1.1.29 | |
| Netgear GS724TPv2 | =v2 | |
| Netgear GS808E Firmware | <1.7.0.7 | |
| Netgear GS808E Firmware | ||
| Netgear GS810EMX Firmware | <1.7.1.1 | |
| Netgear GS810EMX Firmware | ||
| Netgear GS908E | <1.7.0.3 | |
| Netgear GS908E Firmware | ||
| Netgear GSS108E | <1.6.0.4 | |
| Netgear GSS108E Firmware | ||
| Netgear GSS108EPP Firmware | <1.0.0.15 | |
| Netgear GSS108EPP Firmware | ||
| Netgear Gss116e Firmware | <1.6.0.9 | |
| Netgear Gss116e Firmware | ||
| Netgear JGS516PE Firmware | <2.6.0.35 | |
| Netgear JGS516PE Firmware | ||
| Netgear JGS524E Firmware | <2.6.0.35 | |
| Netgear JGS524E Firmware | =v2 | |
| Netgear JGS524PE | <2.6.0.35 | |
| Netgear Jgs524pe Firmware | ||
| Netgear XS512EM Firmware | <1.0.1.1 | |
| Netgear XS512EM Firmware | ||
| Netgear XS708T | <1.6.0.23 | |
| Netgear XS708E | =v2 | |
| Netgear Xs716e Firmware | <1.6.0.23 | |
| Netgear Xs716e Firmware | ||
| Netgear XS724EM | <1.0.1.1 | |
| Netgear XS724EM |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-20676?
CVE-2019-20676 is a vulnerability that affects certain NETGEAR devices due to lack of access control at the function level.
Which NETGEAR devices are affected by CVE-2019-20676?
The affected NETGEAR devices include FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, and more.
What is the severity of CVE-2019-20676?
CVE-2019-20676 has a severity level of medium.
How can I fix CVE-2019-20676?
To fix CVE-2019-20676, you should update the firmware of the affected NETGEAR device to the latest version provided by the manufacturer.
Where can I find more information about CVE-2019-20676?
You can find more information about CVE-2019-20676 in the Netgear security advisory: https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netgear
- canonical/netgear fs728tlp firmware
- canonical/netgear fs728tl-poe
- canonical/netgear gs105e firmware
- version/netgear gs105e firmware/v2
- canonical/netgear gs105pe
- canonical/netgear gs105pe firmware
- canonical/netgear gs108e firmware
- version/netgear gs108e firmware/v3
- canonical/netgear gs108pe firmware
- version/netgear gs108pe firmware/v3
- canonical/netgear gs110emx firmware
- canonical/netgear gs116e firmware
- canonical/netgear gs116e
- version/netgear gs116e/v2
- canonical/netgear gs408epp firmware
- canonical/netgear gs724tp
- canonical/netgear gs724tpv2
- version/netgear gs724tpv2/v2
- canonical/netgear gs808e firmware
- canonical/netgear gs810emx firmware
- canonical/netgear gs908e
- canonical/netgear gs908e firmware
- canonical/netgear gss108e
- canonical/netgear gss108e firmware
- canonical/netgear gss108epp firmware
- canonical/netgear gss116e firmware
- canonical/netgear jgs516pe firmware
- canonical/netgear jgs524e firmware
- version/netgear jgs524e firmware/v2
- canonical/netgear jgs524pe
- canonical/netgear jgs524pe firmware
- canonical/netgear xs512em firmware
- canonical/netgear xs708t
- canonical/netgear xs708e
- version/netgear xs708e/v2
- canonical/netgear xs716e firmware
- canonical/netgear xs724em