8.4

CVE-2020-35777

NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgearDgn2200v1 Firmware Version < 1.0.0.58
   NetgearDgn2200v1 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.8% 0.518
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.4 1.7 6
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 7.7 5.1 10
AV:A/AC:L/Au:S/C:C/I:C/A:C
cve@mitre.org 8.4 1.7 6
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://kb.netgear.com/000062634/Security-Advisory-for-Command-Injection-Vulnerability-on-DGN2200v1-PSV-2020-0411
Vendor Advisory