Sign-up

ID

VAR-202009-0776


CVE

CVE-2020-25067


TITLE

NETGEAR R8300 Injection vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010574

DESCRIPTION

NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker. NETGEAR R8300 There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR R8300 is a wireless router from NETGEAR. The vulnerability stems from the fact that the network system or product fails to correctly filter special characters, commands, etc. in the process of user input to construct and execute commands. Attackers can use this vulnerability to execute illegal operating system commands

Trust: 2.16

sources: NVD: CVE-2020-25067 // JVNDB: JVNDB-2020-010574 // CNVD: CNVD-2020-53784

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-53784

AFFECTED PRODUCTS

vendor:netgearmodel:r8300scope:ltversion:1.0.2.134

Trust: 1.6

vendor:netgearmodel:r8300scope:eqversion:1.0.2.134

Trust: 0.8

sources: CNVD: CNVD-2020-53784 // JVNDB: JVNDB-2020-010574 // NVD: CVE-2020-25067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25067
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2020-25067
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-010574
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-53784
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202009-004
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-25067
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010574
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-53784
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-25067
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2020-25067
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010574
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-53784 // JVNDB: JVNDB-2020-010574 // CNNVD: CNNVD-202009-004 // NVD: CVE-2020-25067 // NVD: CVE-2020-25067

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2020-010574 // NVD: CVE-2020-25067

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-004

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202009-004

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010574

PATCH
title:Security Advisory for Pre-Authentication Command Injection on R8300, PSV-2020-0211url:https://kb.netgear.com/000062158/Security-Advisory-for-Pre-Authentication-Command-Injection-on-R8300-PSV-2020-02111
Trust: 0.8
title:Patch for NETGEAR R8300 command injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/235489
Trust: 0.6
title:NETGEAR R8300 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127970
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-53784 // 
            
            
            
            JVNDB: JVNDB-2020-010574 // 
            
            
            
            CNNVD: CNNVD-202009-004

EXTERNAL IDS
db:NVDid:CVE-2020-25067
Trust: 3.0
db:JVNDBid:JVNDB-2020-010574
Trust: 0.8
db:CNVDid:CNVD-2020-53784
Trust: 0.6
db:CNNVDid:CNNVD-202009-004
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-53784 // 
            
            
            
            JVNDB: JVNDB-2020-010574 // 
            
            
            
            CNNVD: CNNVD-202009-004 // 
            
            
            
            NVD: CVE-2020-25067

REFERENCES
url:https://kb.netgear.com/000062158/security-advisory-for-pre-authentication-command-injection-on-r8300-psv-2020-0211
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-25067
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25067
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-53784 // 
            
            
            
            JVNDB: JVNDB-2020-010574 // 
            
            
            
            CNNVD: CNNVD-202009-004 // 
            
            
            
            NVD: CVE-2020-25067

SOURCES
db:CNVDid:CNVD-2020-53784
db:JVNDBid:JVNDB-2020-010574
db:CNNVDid:CNNVD-202009-004
db:NVDid:CVE-2020-25067

LAST UPDATE DATE
2024-11-23T21:35:19.284000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-53784date:2020-09-24T00:00:00
db:JVNDBid:JVNDB-2020-010574date:2021-01-28T02:40:05
db:CNNVDid:CNNVD-202009-004date:2020-10-22T00:00:00
db:NVDid:CVE-2020-25067date:2024-11-21T05:17:11.403

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-53784date:2020-09-24T00:00:00
db:JVNDBid:JVNDB-2020-010574date:2021-01-28T02:40:05
db:CNNVDid:CNNVD-202009-004date:2020-09-01T00:00:00
db:NVDid:CVE-2020-25067date:2020-09-01T04:15:11.197