CVE-2019-20680

CVSS v3 Score: 7.0 (High)
CVSS v2 Score: 5.2 (Medium)

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.46, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.32.

CVSS: 7.0 (High)

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the comman...

CWE-77 | 2016

CVSS: 7.0 (High)

The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to exec...

CWE-77 | 2016

CVSS: 7.0 (High)

The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput func...

CWE-77 | 2016

CVSS: 7.0 (High)

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by ...

CWE-77 | 2016

CVSS: 7.0 (High)

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special p...

CWE-77 | 2020

CVSS: 7.0 (High)

Windows MSHTML Platform Security Feature Bypass Vulnerability

CWE-77 | 2023