Lucene search

[email protected]CVE-2020-26909

HistoryOct 09, 2020 - 7:15 a.m.

CVE-2020-26909

2020-10-0907:15:16

CWE-77

[email protected]

web.nvd.nist.gov

netgear

command injection

cve-2020-26909

security vulnerability

nvd

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.7%

JSON

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.58 and R7500v2 before 1.0.3.48.

Affected configurations

NVD

Node

netgeard7800_firmwareRange<1.0.1.58

AND

netgeard7800Match-

Node

netgearr7500v2_firmwareRange<1.0.3.48

AND

netgearr7500v2Match-

CPENameOperatorVersion
netgear:d7800_firmwarenetgear d7800 firmwarelt1.0.1.58

CPE	Name	Operator	Version
netgear:d7800_firmware	netgear d7800 firmware	lt	1.0.1.58

References

kb.netgear.com/000062344/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0163

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.7%

JSON

Related for CVE-2020-26909

cvelist1 nvd1 prion1