CVE-2019-20717

moderate-risk

Published 2020-04-16

Certain NETGEAR devices are affected by denial of service. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, EX2700 before 1.0.1.52, EX6200v2 before 1.0.1.74, EX8000 before 1.0.1.180, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, SRK60 before 2.2.1.210, SRR60 before 2.2.1.210, SRS60 before 2.2.1.210, WN2000RPTv3 before 1.0.1.34, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, and WNDR4500v3 before 1.0.0.58.

Do I need to act?

0.19% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (20)

D3600 Firmware

D6000 Firmware

D7800 Firmware

Ex2700 Firmware

Ex6200 Firmware

Ex8000 Firmware

R7500 Firmware

R7800 Firmware

Rbk20 Firmware

Rbr20 Firmware

Rbs20 Firmware

Rbk50 Firmware

Rbr50 Firmware

Rbs50 Firmware

Rbs40 Firmware

Srk60 Firmware

Srr60 Firmware

Srs60 Firmware

Wn2000Rpt Firmware

Wn3000Rp Firmware

Affected Vendors

Netgear

References (2)

Vendor Advisory https://kb.netgear.com/000061211/Security-Advisory-for-Denial-of-Service-on-Some...

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 21/34 · High