CVE-2020-35792

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68.

Affected Software
References

Software	From	Fixed in
netgear / r7500_firmware	-	1.0.3.48
netgear / r7800_firmware	-	1.0.2.68
netgear / r9000_firmware	-	1.0.5.2
netgear / r8900_firmware	-	1.0.5.2

https://kb.netgear.com/000062682/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0157

Severity: Medium

CVE: CVE-2020-35792
Published: Dec 30, 2020
Updated: Apr 14, 2023
Exploit:

Severity: Medium
Score: 6.8
AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: Medium
Score: 5.2
AV:A/AC:L/Au:S/C:P/I:P/A:P

CWE-77

A1 - Injection

CVE-2020-35792

Description

Details

CVSS v3

CVSS v2

CWEs

OWASP TOP 10