CVE-2020-35798

EPSS 0.38%
Published 30.12.2020 00:15:14
Last modified 21.11.2024 05:28:08
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7960P before 1.4.1.50, R8000 before 1.0.4.52, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.1.12, RAX45 before 1.0.2.66, RAX50 before 1.0.2.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RS400 before 1.5.0.48, and XR300 before 1.0.3.50.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ R6400v2 Firmware Version < 1.0.4.84

Netgear ≫ R6400v2 Version-

Netgear ≫ R6700v3 Firmware Version < 1.0.4.84

Netgear ≫ R6700v3 Version-

Netgear ≫ R6900p Firmware Version < 1.3.2.124

Netgear ≫ R6900p Version-

Netgear ≫ R7000 Firmware Version < 1.0.11.100

Netgear ≫ R7000 Version-

Netgear ≫ R7000p Firmware Version < 1.3.2.124

Netgear ≫ R7000p Version-

Netgear ≫ R7800 Firmware Version < 1.0.2.74

Netgear ≫ R7800 Version-

Netgear ≫ R7850 Firmware Version < 1.0.5.60

Netgear ≫ R7850 Version-

Netgear ≫ R7900 Firmware Version < 1.0.4.26

Netgear ≫ R7900 Version-

Netgear ≫ R7960p Firmware Version < 1.4.1.50

Netgear ≫ R7960p Version-

Netgear ≫ R8000 Firmware Version < 1.0.4.52

Netgear ≫ R8000 Version-

Netgear ≫ R7900p Firmware Version < 1.4.1.50

Netgear ≫ R7900p Version-

Netgear ≫ R8000p Firmware Version < 1.4.1.50

Netgear ≫ R8000p Version-

Netgear ≫ Rax15 Firmware Version < 1.0.1.64

Netgear ≫ Rax15 Version-

Netgear ≫ Rax20 Firmware Version < 1.0.1.64

Netgear ≫ Rax20 Version-

Netgear ≫ Rax200 Firmware Version < 1.0.1.12

Netgear ≫ Rax200 Version-

Netgear ≫ Rax45 Firmware Version < 1.0.2.66

Netgear ≫ Rax45 Version-

Netgear ≫ Rax50 Firmware Version < 1.0.2.66

Netgear ≫ Rax50 Version-

Netgear ≫ Rax75 Firmware Version < 1.0.3.102

Netgear ≫ Rax75 Version-

Netgear ≫ Rax80 Firmware Version < 1.0.3.102

Netgear ≫ Rax80 Version-

Netgear ≫ Rbk752 Firmware Version < 3.2.16.6

Netgear ≫ Rbk752 Version-

Netgear ≫ Rbr750 Firmware Version < 3.2.16.6

Netgear ≫ Rbr750 Version-

Netgear ≫ Rbs750 Firmware Version < 3.2.16.6

Netgear ≫ Rbs750 Version-

Netgear ≫ Rbk852 Firmware Version < 3.2.15.25

Netgear ≫ Rbk852 Version-

Netgear ≫ Rbr850 Firmware Version < 3.2.15.25

Netgear ≫ Rbr850 Version-

Netgear ≫ Rbs850 Firmware Version < 3.2.15.25

Netgear ≫ Rbs850 Version-

Netgear ≫ Rbk842 Firmware Version < 3.2.15.25

Netgear ≫ Rbk842 Version-

Netgear ≫ Rbr840 Firmware Version < 3.2.15.25

Netgear ≫ Rbr840 Version-

Netgear ≫ Rbs840 Firmware Version < 3.2.15.25

Netgear ≫ Rbs840 Version-

Netgear ≫ Rs400 Firmware Version < 1.5.0.48

Netgear ≫ Rs400 Version-

Netgear ≫ Xr300 Firmware Version < 1.0.3.50

Netgear ≫ Xr300 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.38%	0.562

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
cve@mitre.org	9.3	2.5	6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://kb.netgear.com/000062715/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2019-0218

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-35798

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-35798

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-35798

EUVD