Command injection

2020-04-1518:15:00

PRIOn knowledge base

www.prio-n.com

9.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10.

CPENameOperatorVersion
r6400_firmwarelt1.0.4.84
r6700_firmwarelt1.0.2.8
r6700_firmwarelt1.0.4.84
r6900_firmwarelt1.0.2.8
r7900_firmwarelt1.0.3.10

Name	Operator	Version
r6400_firmware	lt	1.0.4.84
r6700_firmware	lt	1.0.2.8
r6700_firmware	lt	1.0.4.84
r6900_firmware	lt	1.0.2.8
r7900_firmware	lt	1.0.3.10

References

kb.netgear.com/000061741/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0051