ID

VAR-202004-0453


CVE

CVE-2020-11789


TITLE

Injection vulnerabilities in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-004366

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10. Multiple NETGEAR devices contain an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR R6400 is a wireless router from NETGEAR. The vulnerability arises where a command, data structure or record is constructed from user input: the network system or product does not correctly validate the user-supplied data, and special elements are not filtered or are filtered improperly. An attacker can use the vulnerability to cause the system or product to parse or interpret the input incorrectly.

Trust: 2.16

sources: NVD: CVE-2020-11789 // JVNDB: JVNDB-2020-004366 // CNVD: CNVD-2020-26954

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-26954

AFFECTED PRODUCTS

vendor: netgear, model: r6700, scope: lt, version: 1.0.2.8

Trust: 1.6

vendor: netgear, model: r6900, scope: lt, version: 1.0.2.8

Trust: 1.6

vendor: netgear, model: r7900, scope: lt, version: 1.0.3.10

Trust: 1.6

vendor: netgear, model: r6400, scope: lt, version: 1.0.4.84

Trust: 1.0

vendor: netgear, model: r6700, scope: lt, version: 1.0.4.84

Trust: 1.0

vendor: netgear, model: r6400, scope: eq, version: v2 1.0.4.84

Trust: 0.8

vendor: netgear, model: r6700, scope: eq, version: 1.0.2.8

Trust: 0.8

vendor: netgear, model: r6700, scope: eq, version: v3 1.0.4.84

Trust: 0.8

vendor: netgear, model: r6900, scope: eq, version: 1.0.2.8

Trust: 0.8

vendor: netgear, model: r7900, scope: eq, version: 1.0.3.10

Trust: 0.8

vendor: netgear, model: r6400v2, scope: lt, version: 1.0.4.84

Trust: 0.6

vendor: netgear, model: r6700v3, scope: lt, version: 1.0.4.84

Trust: 0.6

sources: CNVD: CNVD-2020-26954 // JVNDB: JVNDB-2020-004366 // NVD: CVE-2020-11789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11789
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2020-11789
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004366
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-26954
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-1158
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-11789
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004366
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-26954
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-11789
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2020-11789
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 5.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-004366
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-26954 // JVNDB: JVNDB-2020-004366 // CNNVD: CNNVD-202004-1158 // NVD: CVE-2020-11789 // NVD: CVE-2020-11789

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2020-004366 // NVD: CVE-2020-11789

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1158

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1158

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004366

PATCH

title: Security Advisory for Pre-Authentication Command Injection on Some Routers, PSV-2019-0051
url: https://kb.netgear.com/000061741/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0051

Trust: 0.8

title: Patch for Multiple NETGEAR product command injection vulnerabilities (CNVD-2020-26954)
url: https://www.cnvd.org.cn/patchInfo/show/216417

Trust: 0.6

title: Multiple NETGEAR Fixing measures for product injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116472

Trust: 0.6

sources: CNVD: CNVD-2020-26954 // JVNDB: JVNDB-2020-004366 // CNNVD: CNNVD-202004-1158

EXTERNAL IDS

db: NVD, id: CVE-2020-11789

Trust: 3.0

db: JVNDB, id: JVNDB-2020-004366

Trust: 0.8

db: CNVD, id: CNVD-2020-26954

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1158

Trust: 0.6

sources: CNVD: CNVD-2020-26954 // JVNDB: JVNDB-2020-004366 // CNNVD: CNNVD-202004-1158 // NVD: CVE-2020-11789

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2020-11789

Trust: 2.0

url: https://kb.netgear.com/000061741/security-advisory-for-pre-authentication-command-injection-on-some-routers-psv-2019-0051

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11789

Trust: 0.8

sources: CNVD: CNVD-2020-26954 // JVNDB: JVNDB-2020-004366 // CNNVD: CNNVD-202004-1158 // NVD: CVE-2020-11789

SOURCES

db: CNVD, id: CNVD-2020-26954
db: JVNDB, id: JVNDB-2020-004366
db: CNNVD, id: CNNVD-202004-1158
db: NVD, id: CVE-2020-11789

LAST UPDATE DATE

2024-11-23T21:51:35.813000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-26954, date: 2020-05-07T00:00:00
db: JVNDB, id: JVNDB-2020-004366, date: 2020-05-13T00:00:00
db: CNNVD, id: CNNVD-202004-1158, date: 2020-04-26T00:00:00
db: NVD, id: CVE-2020-11789, date: 2024-11-21T04:58:37.723

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-26954, date: 2020-05-07T00:00:00
db: JVNDB, id: JVNDB-2020-004366, date: 2020-05-13T00:00:00
db: CNNVD, id: CNNVD-202004-1158, date: 2020-04-15T00:00:00
db: NVD, id: CVE-2020-11789, date: 2020-04-15T18:15:15.020