Lucene search

[email protected]CVE-2020-26914

HistoryOct 09, 2020 - 7:15 a.m.

CVE-2020-26914

2020-10-0907:15:00

CWE-77

[email protected]

web.nvd.nist.gov

netgear

authenticated user

command injection

cve-2020-26914

nvd

7.1 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.3%

JSON

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.

CPENameOperatorVersion
netgear:d6200_firmwarenetgear d6200 firmwarelt1.1.00.38
netgear:d7000_firmwarenetgear d7000 firmwarelt1.0.1.78
netgear:jr6150_firmwarenetgear jr6150 firmwarelt1.0.1.24
netgear:r6020_firmwarenetgear r6020 firmwarelt1.0.0.42
netgear:r6050_firmwarenetgear r6050 firmwarelt1.0.1.24
netgear:r6080_firmwarenetgear r6080 firmwarelt1.0.0.42
netgear:r6120_firmwarenetgear r6120 firmwarelt1.0.0.66
netgear:r6220_firmwarenetgear r6220 firmwarelt1.1.0.100
netgear:r6260_firmwarenetgear r6260 firmwarelt1.1.0.64
netgear:r6700v2_firmwarenetgear r6700v2 firmwarelt1.2.0.62

CPE	Name	Operator	Version
netgear:d6200_firmware	netgear d6200 firmware	lt	1.1.00.38
netgear:d7000_firmware	netgear d7000 firmware	lt	1.0.1.78
netgear:jr6150_firmware	netgear jr6150 firmware	lt	1.0.1.24
netgear:r6020_firmware	netgear r6020 firmware	lt	1.0.0.42
netgear:r6050_firmware	netgear r6050 firmware	lt	1.0.1.24
netgear:r6080_firmware	netgear r6080 firmware	lt	1.0.0.42
netgear:r6120_firmware	netgear r6120 firmware	lt	1.0.0.66
netgear:r6220_firmware	netgear r6220 firmware	lt	1.1.0.100
netgear:r6260_firmware	netgear r6260 firmware	lt	1.1.0.64
netgear:r6700v2_firmware	netgear r6700v2 firmware	lt	1.2.0.62

Rows per page:

1-10 of 141

References

kb.netgear.com/000062339/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0014

7.1 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.3%

JSON

Related for CVE-2020-26914

prion1 cvelist1