PT-2020-17432 · NetGear · Netgear R8900+3
Crixer
·
Published
2020-12-29
·
Updated
2020-12-31
·
CVE-2020-35792
CVSS v3.1
8.3
High
| Vector | AC:L/AV:A/A:L/C:H/I:H/PR:H/S:C/UI:N |
Name of the Vulnerable Software and Affected Versions
NETGEAR R7500v2 versions prior to 1.0.3.48
NETGEAR R8900 versions prior to 1.0.5.2
NETGEAR R9000 versions prior to 1.0.5.2
NETGEAR R7800 versions prior to 1.0.2.68
Description
The issue affects certain NETGEAR devices, allowing command injection by an authenticated user.
Recommendations
For NETGEAR R7500v2 versions prior to 1.0.3.48, update to version 1.0.3.48 or later.
For NETGEAR R8900 versions prior to 1.0.5.2, update to version 1.0.5.2 or later.
For NETGEAR R9000 versions prior to 1.0.5.2, update to version 1.0.5.2 or later.
For NETGEAR R7800 versions prior to 1.0.2.68, update to version 1.0.2.68 or later.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear R7500V2
Netgear R7800
Netgear R8900
Netgear R9000