CVE-2019-20767: Buffer Overflow
First published: Wed Apr 15 2020(Updated: )
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NETGEAR D6100 firmware | <1.0.0.60 | |
| NETGEAR D6100 firmware | ||
| NETGEAR D3600 firmware | <1.0.0.75 | |
| NETGEAR D3600 firmware | ||
| NETGEAR D6000 firmware | <1.0.0.75 | |
| NETGEAR D6000 firmware | ||
| NETGEAR R9000 firmware | <1.0.4.26 | |
| NETGEAR R9000 firmware | ||
| NETGEAR R8900 firmware | <1.0.4.26 | |
| NETGEAR R8900 | ||
| NETGEAR R7800 firmware | <1.0.2.52 | |
| NETGEAR R7800 | ||
| NETGEAR WNDR4500 firmware | <1.0.0.58 | |
| NETGEAR WNDR4500v3 | =v3 | |
| NETGEAR WNDR4300v2 firmware | <1.0.0.58 | |
| NETGEAR wndr4300v2 | =v2 | |
| NETGEAR WNDR4300v2 firmware | <1.0.2.104 | |
| NETGEAR wndr4300v2 | ||
| NETGEAR WNDR3700 firmware | <1.0.2.102 | |
| NETGEAR WNDR3700v4 | =v4 | |
| NETGEAR WNR2000v2 | <1.0.0.66 | |
| Netgear WNR2000v4 | =v5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-20767?
CVE-2019-20767 is classified as a high severity vulnerability due to its nature as a stack-based buffer overflow that can be exploited by authenticated users.
How do I fix CVE-2019-20767?
To fix CVE-2019-20767, upgrade your NETGEAR device firmware to a version equal to or later than 1.0.0.60 for D6100, 1.0.0.75 for D3600/D6000, 1.0.4.26 for R9000/R8900, and 1.0.2.52 for R7800.
Which NETGEAR devices are affected by CVE-2019-20767?
CVE-2019-20767 affects NETGEAR devices including D6100, D3600, D6000, R9000, R8900, R7800, WNDR4500v3, and WNDR4300v2 if they are running vulnerable firmware versions.
Can CVE-2019-20767 be exploited remotely?
CVE-2019-20767 cannot be exploited remotely as it requires an authenticated user to initiate the attack.
Is there a workaround for CVE-2019-20767?
There are no effective workarounds for CVE-2019-20767; updating the firmware is the recommended solution to mitigate the vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netgear
- canonical/netgear d6100 firmware
- canonical/netgear d3600 firmware
- canonical/netgear d6000 firmware
- canonical/netgear r9000 firmware
- canonical/netgear r8900 firmware
- canonical/netgear r8900
- canonical/netgear r7800 firmware
- canonical/netgear r7800
- canonical/netgear wndr4500 firmware
- canonical/netgear wndr4500v3
- version/netgear wndr4500v3/v3
- canonical/netgear wndr4300v2 firmware
- canonical/netgear wndr4300v2
- version/netgear wndr4300v2/v2
- canonical/netgear wndr3700 firmware
- canonical/netgear wndr3700v4
- version/netgear wndr3700v4/v4
- canonical/netgear wnr2000v2
- canonical/netgear wnr2000v4
- version/netgear wnr2000v4/v5