Details of VAR-202012-1177

ID

VAR-202012-1177

CVE

CVE-2020-35802

TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-014795

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.14, RBW30 before 2.6.1.4, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, and RBS40V before 2.6.1.4. plural NETGEAR An unspecified vulnerability exists in the device.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-35802 // JVNDB: JVNDB-2020-014795

AFFECTED PRODUCTS

vendor:	netgear	model:	cbr40	scope:	lt	version:	2.5.0.14	Trust: 1.0
vendor:	netgear	model:	rbr840	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rbs750	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rbs840	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rax80	scope:	lt	version:	1.0.3.102	Trust: 1.0
vendor:	netgear	model:	rbw30	scope:	lt	version:	2.6.1.4	Trust: 1.0
vendor:	netgear	model:	rbs840v	scope:	lt	version:	2.6.1.4	Trust: 1.0
vendor:	netgear	model:	rax75	scope:	lt	version:	1.0.3.102	Trust: 1.0
vendor:	netgear	model:	rbk842	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rbr750	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rbk752	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	ネットギア	model:	rbs750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax75	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk852	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbk752	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbw30	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-014795 // NVD: CVE-2020-35802

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35802
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2020-35802
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-35802
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202012-1767
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-35802
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-35802
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-014795
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-014795 // CNNVD: CNNVD-202012-1767 // NVD: CVE-2020-35802 // NVD: CVE-2020-35802

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014795 // NVD: CVE-2020-35802

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1767

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202012-1767

PATCH

title:	Security Advisory for Sensitive Information Disclosure on Some Routers and WiFi Systems, PSV-2020-0331	url:	https://kb.netgear.com/000062720/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-WiFi-Systems-PSV-2020-0331	Trust: 0.8
title:	Multiple Netgear Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138274	Trust: 0.6

sources: JVNDB: JVNDB-2020-014795 // CNNVD: CNNVD-202012-1767

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35802	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-014795	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-1767	Trust: 0.6

sources: JVNDB: JVNDB-2020-014795 // CNNVD: CNNVD-202012-1767 // NVD: CVE-2020-35802

REFERENCES

url:	https://kb.netgear.com/000062720/security-advisory-for-sensitive-information-disclosure-on-some-routers-and-wifi-systems-psv-2020-0331	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35802	Trust: 1.4

sources: JVNDB: JVNDB-2020-014795 // CNNVD: CNNVD-202012-1767 // NVD: CVE-2020-35802

SOURCES

db:	JVNDB	id:	JVNDB-2020-014795
db:	CNNVD	id:	CNNVD-202012-1767
db:	NVD	id:	CVE-2020-35802

LAST UPDATE DATE

2024-11-23T22:58:05.584000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-014795	date:	2021-08-31T05:14:00
db:	CNNVD	id:	CNNVD-202012-1767	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-35802	date:	2024-11-21T05:28:09.167

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-014795	date:	2021-08-31T00:00:00
db:	CNNVD	id:	CNNVD-202012-1767	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-35802	date:	2020-12-30T00:15:14.517