Details of VAR-202012-1191

ID

VAR-202012-1191

CVE

CVE-2020-35792

TITLE

plural NETGEAR Command injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-014790

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR R7500v2 is a Nighthawk X4 AC2350 smart WiFi router. NETGEAR R8900 is a Nighthawk X10 AD7000 smart WiFi router. NETGEAR R9000 is a Nighthawk X10 AD7200 smart WiFi router. NETGEAR R7800 is an AC2600 dual-band Gigabit wireless router. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2020-35792 // JVNDB: JVNDB-2020-014790 // CNVD: CNVD-2021-03353

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-03353

AFFECTED PRODUCTS

vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.68	Trust: 1.6
vendor:	netgear	model:	r8900	scope:	lt	version:	1.0.5.2	Trust: 1.6
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.5.2	Trust: 1.6
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.3.48	Trust: 1.0
vendor:	ネットギア	model:	r7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r9000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7500	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	r7500v2	scope:	lt	version:	1.0.3.48	Trust: 0.6

sources: CNVD: CNVD-2021-03353 // JVNDB: JVNDB-2020-014790 // NVD: CVE-2020-35792

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35792
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2020-35792
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-35792
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-03353
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202012-1798
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-35792
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-03353
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-35792
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-35792
baseSeverity:	HIGH
baseScore:	8.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	1.7
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2020-35792
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-03353 // JVNDB: JVNDB-2020-014790 // CNNVD: CNNVD-202012-1798 // NVD: CVE-2020-35792 // NVD: CVE-2020-35792

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014790 // NVD: CVE-2020-35792

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1798

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202012-1798

PATCH

title:	Security Advisory for Post-Authentication Command Injection on Some Routers, PSV-2019-0157	url:	https://kb.netgear.com/000062682/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0157	Trust: 0.8
title:	Patch for NETGEAR R7500v2/R8900/R9000/R7800 command injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/243718	Trust: 0.6
title:	Multiple NETGEAR Repair measures for device cross-site command injection vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138289	Trust: 0.6

sources: CNVD: CNVD-2021-03353 // JVNDB: JVNDB-2020-014790 // CNNVD: CNNVD-202012-1798

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35792	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-014790	Trust: 0.8
db:	CNVD	id:	CNVD-2021-03353	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-1798	Trust: 0.6

sources: CNVD: CNVD-2021-03353 // JVNDB: JVNDB-2020-014790 // CNNVD: CNNVD-202012-1798 // NVD: CVE-2020-35792

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-35792	Trust: 2.0
url:	https://kb.netgear.com/000062682/security-advisory-for-post-authentication-command-injection-on-some-routers-psv-2019-0157	Trust: 1.6

sources: CNVD: CNVD-2021-03353 // JVNDB: JVNDB-2020-014790 // CNNVD: CNNVD-202012-1798 // NVD: CVE-2020-35792

SOURCES

db:	CNVD	id:	CNVD-2021-03353
db:	JVNDB	id:	JVNDB-2020-014790
db:	CNNVD	id:	CNNVD-202012-1798
db:	NVD	id:	CVE-2020-35792

LAST UPDATE DATE

2024-11-23T23:11:13.667000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-03353	date:	2021-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-014790	date:	2021-08-31T05:13:00
db:	CNNVD	id:	CNNVD-202012-1798	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-35792	date:	2024-11-21T05:28:06.850

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-03353	date:	2020-12-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-014790	date:	2021-08-31T00:00:00
db:	CNNVD	id:	CNNVD-202012-1798	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-35792	date:	2020-12-30T00:15:13.877