CVE-2020-14435

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05 before 2.5.2.104, and SRK60B06 before 2.5.2.104.

Published: Jun 18, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-14435
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.8
AV:A/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
netgear / srk60_firmware	-	2.5.2.104
netgear / srs60_firmware	-	2.5.2.104
netgear / srr60_firmware	-	2.5.2.104
netgear / srk60b03_firmware	-	2.5.2.104
netgear / srk60b04_firmware	-	2.5.2.104
netgear / srk60b05_firmware	-	2.5.2.104
netgear / srk60b06_firmware	-	2.5.2.104

https://kb.netgear.com/000061930/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0026

Vulnerability Database

289,697

CVE-2020-14435