Sign-up

ID

VAR-202010-0576


CVE

CVE-2020-26910


TITLE

plural  NETGEAR  Command injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-012218

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-26910 // JVNDB: JVNDB-2020-012218

AFFECTED PRODUCTS

vendor:netgearmodel:rbr750scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:cbr40scope:ltversion:2.5.0.10

Trust: 1.0

vendor:netgearmodel:rbr850scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:rbk752scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:rbs850scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:rbs750scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:rbk852scope:ltversion:3.2.15.25

Trust: 1.0

vendor:ネットギアmodel:cbr40scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbk752scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbk852scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbr750scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbr850scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbs750scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbs850scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012218 // NVD: CVE-2020-26910

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26910
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2020-26910
value: HIGH

Trust: 1.0

NVD: CVE-2020-26910
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202010-341
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-26910
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-26910
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2020-26910
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.7
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2020-26910
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-012218 // CNNVD: CNNVD-202010-341 // NVD: CVE-2020-26910 // NVD: CVE-2020-26910

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012218 // NVD: CVE-2020-26910

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-341

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202010-341

PATCH

title:Security Advisory for Post-Authentication Command Injection on Some WiFi Systems, PSV-2020-0031url:https://kb.netgear.com/000062343/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0031

Trust: 0.8

title:Multiple NETGEAR Product Command Injection Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131128

Trust: 0.6

sources: JVNDB: JVNDB-2020-012218 // CNNVD: CNNVD-202010-341

EXTERNAL IDS

db:NVDid:CVE-2020-26910

Trust: 2.4

db:JVNDBid:JVNDB-2020-012218

Trust: 0.8

db:CNNVDid:CNNVD-202010-341

Trust: 0.6

sources: JVNDB: JVNDB-2020-012218 // CNNVD: CNNVD-202010-341 // NVD: CVE-2020-26910

REFERENCES

url:https://kb.netgear.com/000062343/security-advisory-for-post-authentication-command-injection-on-some-wifi-systems-psv-2020-0031

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-26910

Trust: 1.4

sources: JVNDB: JVNDB-2020-012218 // CNNVD: CNNVD-202010-341 // NVD: CVE-2020-26910

SOURCES

db:JVNDBid:JVNDB-2020-012218
db:CNNVDid:CNNVD-202010-341
db:NVDid:CVE-2020-26910

LAST UPDATE DATE

2024-11-23T22:29:27.723000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-012218date:2021-04-27T05:42:00
db:CNNVDid:CNNVD-202010-341date:2020-10-21T00:00:00
db:NVDid:CVE-2020-26910date:2024-11-21T05:20:28.393

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-012218date:2021-04-27T00:00:00
db:CNNVDid:CNNVD-202010-341date:2020-10-09T00:00:00
db:NVDid:CVE-2020-26910date:2020-10-09T07:15:16.857