PT-2020-5840 · NetGear · Netgear R6220+1

Published

2020-09-17

Updated

2020-10-16

CVE-2020-26929

CVSS v3.1

8.0

High

Vector

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: NETGEAR R6220 versions prior to 1.1.0.100 NETGEAR R6230 versions prior to 1.1.0.100

Description: The issue is related to insufficient input validation, which can be exploited by an authenticated user to perform command injection. This allows a remote attacker to execute arbitrary commands.

Recommendations: For NETGEAR R6220 versions prior to 1.1.0.100, update to version 1.1.0.100 or later to resolve the issue. For NETGEAR R6230 versions prior to 1.1.0.100, update to version 1.1.0.100 or later to resolve the issue.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2021-01847

CVE-2020-26929

Affected Products

Netgear R6220

Netgear R6230

PT-2020-5840 · NetGear · Netgear R6220+1

CVE-2020-26929

Weakness Enumeration

Related Identifiers

Affected Products

References · 5