Details of VAR-202006-0937

ID

VAR-202006-0937

CVE

CVE-2020-14440

TITLE

plural NETGEAR On the device OS Command injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-006681

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. plural NETGEAR On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR RBK752, etc. are all home WiFi systems of NETGEAR. Attackers can use this vulnerability to execute arbitrary Shell commands on the system by sending a specially crafted request

Trust: 2.16

sources: NVD: CVE-2020-14440 // JVNDB: JVNDB-2020-006681 // CNVD: CNVD-2021-44785

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-44785

AFFECTED PRODUCTS

vendor:	netgear	model:	rbk752	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbr750	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbs750	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk753	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk753s	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk842	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbr840	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbs840	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk853	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk752	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk753	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk753s	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk842	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk852	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk853	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbr750	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbr840	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbs750	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbs840	scope:	eq	version:	3.2.15.25	Trust: 0.8

sources: CNVD: CNVD-2021-44785 // JVNDB: JVNDB-2020-006681 // NVD: CVE-2020-14440

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14440
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2020-14440
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-006681
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-44785
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1259
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-14440
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006681
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-44785
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-14440
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-14440
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-006681
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-44785 // JVNDB: JVNDB-2020-006681 // CNNVD: CNNVD-202006-1259 // NVD: CVE-2020-14440 // NVD: CVE-2020-14440

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-78	Trust: 0.8

sources: JVNDB: JVNDB-2020-006681 // NVD: CVE-2020-14440

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1259

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202006-1259

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006681

PATCH

title:	Security Advisory for Pre-Authentification Command Injection on Some WiFi Systems, PSV-2020-0065	url:	https://kb.netgear.com/000061943/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0065	Trust: 0.8
title:	Patch for Operating system command injection vulnerabilities in multiple NETGEAR products (CNVD-2021-44785)	url:	https://www.cnvd.org.cn/patchInfo/show/275041	Trust: 0.6

sources: CNVD: CNVD-2021-44785 // JVNDB: JVNDB-2020-006681

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14440	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-006681	Trust: 0.8
db:	CNVD	id:	CNVD-2021-44785	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1259	Trust: 0.6

sources: CNVD: CNVD-2021-44785 // JVNDB: JVNDB-2020-006681 // CNNVD: CNNVD-202006-1259 // NVD: CVE-2020-14440

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-14440	Trust: 2.0
url:	https://kb.netgear.com/000061943/security-advisory-for-pre-authentication-command-injection-on-some-wifi-systems-psv-2020-0065	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14440	Trust: 0.8

sources: CNVD: CNVD-2021-44785 // JVNDB: JVNDB-2020-006681 // CNNVD: CNNVD-202006-1259 // NVD: CVE-2020-14440

SOURCES

db:	CNVD	id:	CNVD-2021-44785
db:	JVNDB	id:	JVNDB-2020-006681
db:	CNNVD	id:	CNNVD-202006-1259
db:	NVD	id:	CVE-2020-14440

LAST UPDATE DATE

2024-11-23T22:55:07.986000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-44785	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-006681	date:	2020-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202006-1259	date:	2020-07-02T00:00:00
db:	NVD	id:	CVE-2020-14440	date:	2024-11-21T05:03:16.930

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-44785	date:	2020-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-006681	date:	2020-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202006-1259	date:	2020-06-18T00:00:00
db:	NVD	id:	CVE-2020-14440	date:	2020-06-18T17:15:13.140