PT-2020-5359 · NetGear · Netgear Srr60+4

Published 2020-06-18 · Updated 2021-07-21 · CVE-2020-14435

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NETGEAR SRK60 versions prior to 2.5.2.104
NETGEAR SRS60 versions prior to 2.5.2.104
NETGEAR SRR60 versions prior to 2.5.2.104
NETGEAR SRK60B03 versions prior to 2.5.2.104
NETGEAR SRK60B04 versions prior to 2.5.2.104
NETGEAR SRK60B05 versions prior to 2.5.2.104
NETGEAR SRK60B06 versions prior to 2.5.2.104

Description

The issue is caused by command injection that can be exploited by an unauthenticated attacker. This allows a remote attacker to execute arbitrary commands. The vulnerability exists due to the failure to neutralize special elements in the embedded software of NETGEAR routers.

Recommendations

For NETGEAR SRK60 versions prior to 2.5.2.104, update to version 2.5.2.104 or later.
For NETGEAR SRS60 versions prior to 2.5.2.104, update to version 2.5.2.104 or later.
For NETGEAR SRR60 versions prior to 2.5.2.104, update to version 2.5.2.104 or later.
For NETGEAR SRK60B03 versions prior to 2.5.2.104, update to version 2.5.2.104 or later.
For NETGEAR SRK60B04 versions prior to 2.5.2.104, update to version 2.5.2.104 or later.
For NETGEAR SRK60B05 versions prior to 2.5.2.104, update to version 2.5.2.104 or later.
For NETGEAR SRK60B06 versions prior to 2.5.2.104, update to version 2.5.2.104 or later.

Fix

Command Injection

Special Elements Injection

Weakness Enumeration

Related Identifiers

BDU:2021-00227
CVE-2020-14435

Affected Products

Netgear Srr60
Netgear Srk60B03
Netgear Srk60B04
Netgear Srk60B05
Netgear Srk60B06