Sign-up

ID

VAR-202004-0454


CVE

CVE-2020-11790


TITLE

NETGEAR R7800 Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-004363

DESCRIPTION

NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers. NETGEAR R7800 The device contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R7800 is a router of NETGEAR

Trust: 2.16

sources: NVD: CVE-2020-11790 // JVNDB: JVNDB-2020-004363 // CNVD: CNVD-2020-25377

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-25377

AFFECTED PRODUCTS

vendor:netgearmodel:r7800scope:ltversion:1.0.2.68

Trust: 1.6

vendor:netgearmodel:r7800scope:eqversion:1.0.2.68

Trust: 0.8

sources: CNVD: CNVD-2020-25377 // JVNDB: JVNDB-2020-004363 // NVD: CVE-2020-11790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11790
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2020-11790
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004363
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-25377
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-1157
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-11790
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004363
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-25377
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-11790
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2020-11790
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 5.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-004363
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-25377 // JVNDB: JVNDB-2020-004363 // CNNVD: CNNVD-202004-1157 // NVD: CVE-2020-11790 // NVD: CVE-2020-11790

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2020-004363 // NVD: CVE-2020-11790

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1157

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1157

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004363

PATCH
title:Security Advisory for Unauthenticated Remote Code Execution on R7800, PSV-2019-0076url:https://kb.netgear.com/000061740/Security-Advisory-for-Unauthenticated-Remote-Code-Execution-on-R7800-PSV-2019-0076
Trust: 0.8
title:Patch for NETGEAR R7800 code execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/215663
Trust: 0.6
title:NETGEAR R7800 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116471
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-25377 // 
            
            
            
            JVNDB: JVNDB-2020-004363 // 
            
            
            
            CNNVD: CNNVD-202004-1157

EXTERNAL IDS
db:NVDid:CVE-2020-11790
Trust: 3.0
db:JVNDBid:JVNDB-2020-004363
Trust: 0.8
db:CNVDid:CNVD-2020-25377
Trust: 0.6
db:CNNVDid:CNNVD-202004-1157
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-25377 // 
            
            
            
            JVNDB: JVNDB-2020-004363 // 
            
            
            
            CNNVD: CNNVD-202004-1157 // 
            
            
            
            NVD: CVE-2020-11790

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-11790
Trust: 2.0
url:https://kb.netgear.com/000061740/security-advisory-for-unauthenticated-remote-code-execution-on-r7800-psv-2019-0076
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11790
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-25377 // 
            
            
            
            JVNDB: JVNDB-2020-004363 // 
            
            
            
            CNNVD: CNNVD-202004-1157 // 
            
            
            
            NVD: CVE-2020-11790

SOURCES
db:CNVDid:CNVD-2020-25377
db:JVNDBid:JVNDB-2020-004363
db:CNNVDid:CNNVD-202004-1157
db:NVDid:CVE-2020-11790

LAST UPDATE DATE
2024-11-23T22:55:11.311000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-25377date:2020-04-28T00:00:00
db:JVNDBid:JVNDB-2020-004363date:2020-05-13T00:00:00
db:CNNVDid:CNNVD-202004-1157date:2020-04-26T00:00:00
db:NVDid:CVE-2020-11790date:2024-11-21T04:58:37.867

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-25377date:2020-04-28T00:00:00
db:JVNDBid:JVNDB-2020-004363date:2020-05-13T00:00:00
db:CNNVDid:CNNVD-202004-1157date:2020-04-15T00:00:00
db:NVDid:CVE-2020-11790date:2020-04-15T18:15:15.113