Lucene search

[email protected]NVD:CVE-2020-26922

HistoryOct 09, 2020 - 7:15 a.m.

CVE-2020-26922

2020-10-0907:15:17

CWE-77

[email protected]

web.nvd.nist.gov

netgear

command injection

authenticated user

wc7500

wc7600

wc7600v2

wc9500

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

Affected configurations

Nvd

Node

netgearwc7500_firmwareRange<6.5.5.24

AND

netgearwc7500Match-

Node

netgearwc7600_firmwareRange<6.5.5.24

AND

netgearwc7600Match-

Node

netgearwc7600v2_firmwareRange<6.5.5.24

AND

netgearwc7600v2Match-

Node

netgearwc9500_firmwareRange<6.5.5.24

AND

netgearwc9500Match-

VendorProductVersionCPE
netgearwc7500_firmware*cpe:2.3:o:netgear:wc7500_firmware:*:*:*:*:*:*:*:*
netgearwc7500-cpe:2.3:h:netgear:wc7500:-:*:*:*:*:*:*:*
netgearwc7600_firmware*cpe:2.3:o:netgear:wc7600_firmware:*:*:*:*:*:*:*:*
netgearwc7600-cpe:2.3:h:netgear:wc7600:-:*:*:*:*:*:*:*
netgearwc7600v2_firmware*cpe:2.3:o:netgear:wc7600v2_firmware:*:*:*:*:*:*:*:*
netgearwc7600v2-cpe:2.3:h:netgear:wc7600v2:-:*:*:*:*:*:*:*
netgearwc9500_firmware*cpe:2.3:o:netgear:wc9500_firmware:*:*:*:*:*:*:*:*
netgearwc9500-cpe:2.3:h:netgear:wc9500:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	wc7500_firmware	*	cpe:2.3:o:netgear:wc7500_firmware::::::::
netgear	wc7500	-	cpe:2.3:h:netgear:wc7500:-:::::::*
netgear	wc7600_firmware	*	cpe:2.3:o:netgear:wc7600_firmware::::::::
netgear	wc7600	-	cpe:2.3:h:netgear:wc7600:-:::::::*
netgear	wc7600v2_firmware	*	cpe:2.3:o:netgear:wc7600v2_firmware::::::::
netgear	wc7600v2	-	cpe:2.3:h:netgear:wc7600v2:-:::::::*
netgear	wc9500_firmware	*	cpe:2.3:o:netgear:wc9500_firmware::::::::
netgear	wc9500	-	cpe:2.3:h:netgear:wc9500:-:::::::*

References

kb.netgear.com/000062330/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2020-0139

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2020-26922

prion1 cvelist1 cve1