Details of VAR-202010-0568

ID

VAR-202010-0568

CVE

CVE-2020-26902

TITLE

plural NETGEAR Command injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-012228

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-26902 // JVNDB: JVNDB-2020-012228

AFFECTED PRODUCTS

vendor:	netgear	model:	rbr750	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbk752	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbs750	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.15.25	Trust: 1.0
vendor:	ネットギア	model:	rbk752	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk852	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs850	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012228 // NVD: CVE-2020-26902

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26902
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2020-26902
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-26902
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-332
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-26902
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-26902
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-26902
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2020-26902
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-012228 // CNNVD: CNNVD-202010-332 // NVD: CVE-2020-26902 // NVD: CVE-2020-26902

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012228 // NVD: CVE-2020-26902

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-332

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202010-332

PATCH

title:	Security Advisory for Pre-Authentication Command Injection on Some WiFi Systems, PSV-2020-0041	url:	https://kb.netgear.com/000062352/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0041	Trust: 0.8
title:	Multiple NETGEAR Fixes for device command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131121	Trust: 0.6

sources: JVNDB: JVNDB-2020-012228 // CNNVD: CNNVD-202010-332

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26902	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-012228	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-332	Trust: 0.6

sources: JVNDB: JVNDB-2020-012228 // CNNVD: CNNVD-202010-332 // NVD: CVE-2020-26902

REFERENCES

url:	https://kb.netgear.com/000062352/security-advisory-for-pre-authentication-command-injection-on-some-wifi-systems-psv-2020-0041	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26902	Trust: 1.4

sources: JVNDB: JVNDB-2020-012228 // CNNVD: CNNVD-202010-332 // NVD: CVE-2020-26902

SOURCES

db:	JVNDB	id:	JVNDB-2020-012228
db:	CNNVD	id:	CNNVD-202010-332
db:	NVD	id:	CVE-2020-26902

LAST UPDATE DATE

2024-11-23T22:37:14.082000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-012228	date:	2021-04-27T05:46:00
db:	CNNVD	id:	CNNVD-202010-332	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-26902	date:	2024-11-21T05:20:27.097

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-012228	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202010-332	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2020-26902	date:	2020-10-09T07:15:15.463