Details of VAR-202006-0930

ID

VAR-202006-0930

CVE

CVE-2020-14433

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-006744

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, and RBS750 before 3.2.15.25. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR RBK752, etc. are all home WiFi systems of NETGEAR. Injection vulnerabilities exist in many NETGEAR products. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process of the user inputting the construction command, data structure or record, and the special elements are not filtered or correctly filtered, resulting in the analysis or analysis of the system or product. The explanation is wrong. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2020-14433 // JVNDB: JVNDB-2020-006744 // CNVD: CNVD-2021-44778

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-44778

AFFECTED PRODUCTS

vendor:	netgear	model:	rbk752	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbr750	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbs750	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk753	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk753s	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk842	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbr840	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbs840	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk853	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk752	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk753	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk753s	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk842	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk852	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk853	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbr750	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbr840	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbr850	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbs750	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbs840	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbs850	scope:	eq	version:	3.2.15.25	Trust: 0.8

sources: CNVD: CNVD-2021-44778 // JVNDB: JVNDB-2020-006744 // NVD: CVE-2020-14433

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14433
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2020-14433
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006744
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-44778
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1248
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-14433
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006744
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-44778
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-14433
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-14433
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.7
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-006744
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-44778 // JVNDB: JVNDB-2020-006744 // CNNVD: CNNVD-202006-1248 // NVD: CVE-2020-14433 // NVD: CVE-2020-14433

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-74	Trust: 0.8

sources: JVNDB: JVNDB-2020-006744 // NVD: CVE-2020-14433

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1248

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202006-1248

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006744

PATCH

title:	Security Advisory for Post-Authentication Command Injection on Some WiFi Systems, PSV-2020-0035	url:	https://kb.netgear.com/000061932/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0035	Trust: 0.8
title:	Patch for Command injection vulnerabilities in multiple NETGEAR products (CNVD-2021-44778)	url:	https://www.cnvd.org.cn/patchInfo/show/275096	Trust: 0.6
title:	Multiple NETGEAR Product Command Injection Vulnerability Fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121996	Trust: 0.6

sources: CNVD: CNVD-2021-44778 // JVNDB: JVNDB-2020-006744 // CNNVD: CNNVD-202006-1248

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14433	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-006744	Trust: 0.8
db:	CNVD	id:	CNVD-2021-44778	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1248	Trust: 0.6

sources: CNVD: CNVD-2021-44778 // JVNDB: JVNDB-2020-006744 // CNNVD: CNNVD-202006-1248 // NVD: CVE-2020-14433

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-14433	Trust: 2.0
url:	https://kb.netgear.com/000061932/security-advisory-for-post-authentication-command-injection-on-some-wifi-systems-psv-2020-0035	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14433	Trust: 0.8

sources: CNVD: CNVD-2021-44778 // JVNDB: JVNDB-2020-006744 // CNNVD: CNNVD-202006-1248 // NVD: CVE-2020-14433

SOURCES

db:	CNVD	id:	CNVD-2021-44778
db:	JVNDB	id:	JVNDB-2020-006744
db:	CNNVD	id:	CNNVD-202006-1248
db:	NVD	id:	CVE-2020-14433

LAST UPDATE DATE

2024-11-23T21:59:12.224000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-44778	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-006744	date:	2020-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202006-1248	date:	2020-06-23T00:00:00
db:	NVD	id:	CVE-2020-14433	date:	2024-11-21T05:03:15.677

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-44778	date:	2020-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-006744	date:	2020-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202006-1248	date:	2020-06-18T00:00:00
db:	NVD	id:	CVE-2020-14433	date:	2020-06-18T17:15:12.453