First published: Thu Apr 16 2020(Updated: )
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Xr500 Firmware | <2.3.2.32 | |
NETGEAR XR500 | ||
Netgear D3600 Firmware | <1.0.0.76 | |
NETGEAR D3600 | ||
Netgear D6000 Firmware | <1.0.0.76 | |
Netgear D6000 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.
The severity level of CVE-2019-20710 is high (8.0).
Update your NETGEAR device firmware to the latest version available.
You can find more information about CVE-2019-20710 in the Netgear security advisory: https://kb.netgear.com/000061219/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0338
The Common Weakness Enumeration (CWE) ID for CVE-2019-20710 is 77.