Details of VAR-202006-0933

ID

VAR-202006-0933

CVE

CVE-2020-14436

TITLE

plural NETGEAR Injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-006741

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25. plural NETGEAR A device contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR RBK752, etc. are all home WiFi systems of NETGEAR. Injection vulnerabilities exist in many NETGEAR products. Attackers can use this vulnerability to execute arbitrary Shell commands on the system by sending a specially crafted request

Trust: 2.16

sources: NVD: CVE-2020-14436 // JVNDB: JVNDB-2020-006741 // CNVD: CNVD-2021-44781

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-44781

AFFECTED PRODUCTS

vendor:	netgear	model:	rbk752	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbr750	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbs750	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk753	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk753s	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk842	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbr840	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbs840	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk853	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk752	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk753	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk753s	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk842	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk852	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk853	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbr750	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbr850	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbs750	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbs850	scope:	eq	version:	3.2.15.25	Trust: 0.8

sources: CNVD: CNVD-2021-44781 // JVNDB: JVNDB-2020-006741 // NVD: CVE-2020-14436

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14436
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2020-14436
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-006741
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-44781
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1252
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-14436
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006741
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-44781
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-14436
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-14436
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-006741
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-44781 // JVNDB: JVNDB-2020-006741 // CNNVD: CNNVD-202006-1252 // NVD: CVE-2020-14436 // NVD: CVE-2020-14436

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-74	Trust: 0.8

sources: JVNDB: JVNDB-2020-006741 // NVD: CVE-2020-14436

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1252

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202006-1252

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006741

PATCH

title:	Security Advisory for Pre-Authentication Command Injection on Some WiFi Systems, PSV-2020-0039	url:	https://kb.netgear.com/000061933/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0039	Trust: 0.8
title:	Patch for Command injection vulnerabilities in multiple NETGEAR products (CNVD-2021-44781)	url:	https://www.cnvd.org.cn/patchInfo/show/275081	Trust: 0.6

sources: CNVD: CNVD-2021-44781 // JVNDB: JVNDB-2020-006741

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14436	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-006741	Trust: 0.8
db:	CNVD	id:	CNVD-2021-44781	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1252	Trust: 0.6

sources: CNVD: CNVD-2021-44781 // JVNDB: JVNDB-2020-006741 // CNNVD: CNNVD-202006-1252 // NVD: CVE-2020-14436

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-14436	Trust: 2.0
url:	https://kb.netgear.com/000061933/security-advisory-for-pre-authentication-command-injection-on-some-wifi-systems-psv-2020-0039	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14436	Trust: 0.8

sources: CNVD: CNVD-2021-44781 // JVNDB: JVNDB-2020-006741 // CNNVD: CNNVD-202006-1252 // NVD: CVE-2020-14436

SOURCES

db:	CNVD	id:	CNVD-2021-44781
db:	JVNDB	id:	JVNDB-2020-006741
db:	CNNVD	id:	CNNVD-202006-1252
db:	NVD	id:	CVE-2020-14436

LAST UPDATE DATE

2024-11-23T22:29:35.912000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-44781	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-006741	date:	2020-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202006-1252	date:	2020-07-02T00:00:00
db:	NVD	id:	CVE-2020-14436	date:	2024-11-21T05:03:16.207

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-44781	date:	2020-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-006741	date:	2020-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202006-1252	date:	2020-06-18T00:00:00
db:	NVD	id:	CVE-2020-14436	date:	2020-06-18T17:15:12.750