Lucene search

MitreCVELIST:CVE-2020-26920

HistoryOct 09, 2020 - 6:28 a.m.

CVE-2020-26920

2020-10-0906:28:25

mitre

www.cve.org

netgear

unauthenticated

command injection

srk60

srr60

srs60

security vulnerability

cve-2020-26920

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

33.5%

JSON

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110.

References

kb.netgear.com/000062333/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0327

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

33.5%

JSON

Related for CVELIST:CVE-2020-26920