Which NETGEAR devices are affected by CVE-2019-20734?

D6220, D8500, EX3700, EX3800, EX6000, EX6100, EX6120, EX6130, and EX6150v2 are affected.

What is the severity of CVE-2019-20734?

The severity of CVE-2019-20734 is high (8.8).

How can an attacker exploit CVE-2019-20734?

An unauthenticated attacker can exploit CVE-2019-20734 by performing a buffer overflow.

Are the affected NETGEAR devices vulnerable even if they are not in the affected firmware version range?

No, the affected NETGEAR devices are only vulnerable if they are within the specified firmware version range.

Where can I find more information about CVE-2019-20734?

You can find more information about CVE-2019-20734 in the Netgear Security Advisory.

Vulnerability/
CVE-2019-20734

high

8.8

CWE

120 119

16/4/2020

5/8/2024

CVE-2019-20734: Buffer Overflow

First published: Thu Apr 16 2020(Updated: )

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.40, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6300v2 before 1.0.4.18, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6700v3 before 1.0.2.32, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R6900P before 1.0.0.56, R7000P before 1.0.0.56, R7100LG before 1.0.0.42, R7300DST before 1.0.0.54, R7900 before 1.0.1.26, R8300 before 1.0.2.106, R8500 before 1.0.2.106, WN2500RPv2 before 1.0.1.54, and WNR3500Lv2 before 1.2.0.46. NOTE: this may be a result of an incomplete fix for CVE-2017-18864.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Netgear D6220 Firmware	<1.0.0.40
NETGEAR D6220
Netgear D8500 Firmware	<1.0.3.39
Netgear D8500
Netgear Ex3700 Firmware	<1.0.0.70
Netgear EX3700
Netgear Ex3800 Firmware	<1.0.0.70
Netgear Ex3800
Netgear Ex6000 Firmware	<1.0.0.30
Netgear Ex6000
Netgear Ex6100 Firmware	<1.0.2.22
Netgear EX6100
Netgear Ex6120 Firmware	<1.0.0.40
Netgear EX6120
Netgear Ex6130 Firmware	<1.0.0.22
Netgear Ex6130
Netgear Ex6150 Firmware	<1.0.0.42
Netgear Ex6150	=v1
Netgear Ex6200 Firmware	<1.0.3.88
Netgear EX6200
Netgear Ex7000 Firmware	<1.0.0.66
NETGEAR EX7000
Netgear R6300 Firmware	<1.0.4.18
Netgear R6300	=v2
Netgear R6400 Firmware	<1.0.1.24
NETGEAR R6400
Netgear R6400 Firmware	<1.0.2.32
NETGEAR R6400	=v2
Netgear R6700 Firmware	<1.0.1.22
NETGEAR R6700
Netgear R6700 Firmware	<1.0.2.32
NETGEAR R6700	=v3
Netgear R6900 Firmware	<1.0.1.22
Netgear R6900
Netgear R7000 Firmware	<1.0.9.6
NETGEAR R7000
Netgear R6900p Firmware	<1.0.0.56
Netgear R6900P
Netgear R7000p Firmware	<1.0.0.56
Netgear R7000P
Netgear R7100lg Firmware	<1.0.0.42
Netgear R7100LG
Netgear R7300dst Firmware	<1.0.0.54
Netgear R7300dst
Netgear R7900 Firmware	<1.0.1.26
Netgear R7900
Netgear R8300 Firmware	<1.0.2.106
NETGEAR R8300
Netgear R8500 Firmware	<1.0.2.106
NETGEAR R8500
Netgear Wn2500rp Firmware	<1.0.1.54
Netgear Wn2500rp	=v2
Netgear Wnr3500l Firmware	<1.2.0.46
Netgear Wnr3500l	=v2

Never miss a vulnerability like this again

Reference Links

https://kb.netgear.com/000061192/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-0791

Frequently Asked Questions

Which NETGEAR devices are affected by CVE-2019-20734?
D6220, D8500, EX3700, EX3800, EX6000, EX6100, EX6120, EX6130, and EX6150v2 are affected.
What is the severity of CVE-2019-20734?
The severity of CVE-2019-20734 is high (8.8).
How can an attacker exploit CVE-2019-20734?
An unauthenticated attacker can exploit CVE-2019-20734 by performing a buffer overflow.
Are the affected NETGEAR devices vulnerable even if they are not in the affected firmware version range?
No, the affected NETGEAR devices are only vulnerable if they are within the specified firmware version range.
Where can I find more information about CVE-2019-20734?
You can find more information about CVE-2019-20734 in the Netgear Security Advisory.