Details of VAR-202012-1192

ID

VAR-202012-1192

CVE

CVE-2020-35793

TITLE

plural NETGEAR Command injection vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-014791

DESCRIPTION

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.2, and R9000 before 1.0.5.2. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR D7800 is an AC2600 WiFi VDSL/ADSL modem router. NETGEAR R7500v2 is a Nighthawk X4 AC2350 smart WiFi router. NETGEAR R7800 is an AC2600 dual-band Gigabit wireless router. NETGEAR R8900 is a Nighthawk X10 AD7000 smart WiFi router. NETGEAR R9000 is a Nighthawk X10 AD7200 smart WiFi router. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2020-35793 // JVNDB: JVNDB-2020-014791 // CNVD: CNVD-2021-03354

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-03354

AFFECTED PRODUCTS

vendor:	netgear	model:	r8900	scope:	lt	version:	1.0.5.2	Trust: 1.6
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.5.2	Trust: 1.6
vendor:	netgear	model:	d7800	scope:	lt	version:	1.0.1.58	Trust: 1.6
vendor:	netgear	model:	r7800	scope:	lt	version:	1.0.2.74	Trust: 1.0
vendor:	netgear	model:	r7500	scope:	lt	version:	1.0.3.46	Trust: 1.0
vendor:	ネットギア	model:	d7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r9000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7800	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7500	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	r7500v2	scope:	lt	version:	1.0.3.46	Trust: 0.6

sources: CNVD: CNVD-2021-03354 // JVNDB: JVNDB-2020-014791 // NVD: CVE-2020-35793

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35793
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2020-35793
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-35793
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-03354
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202012-1751
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-35793
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-03354
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-35793
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-35793
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	0.6
impactScore:	5.5
version:	3.1
Trust: 1.0
NVD:	CVE-2020-35793
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-03354 // JVNDB: JVNDB-2020-014791 // CNNVD: CNNVD-202012-1751 // NVD: CVE-2020-35793 // NVD: CVE-2020-35793

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014791 // NVD: CVE-2020-35793

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1751

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202012-1751

PATCH

title:	Security Advisory for Post-Authentication Command Injection on Some Routers, PSV-2019-0185	url:	https://kb.netgear.com/000062725/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0185	Trust: 0.8
title:	Patch for NETGEAR D7800/R7500v2/R7800/R8900/R9000 command injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/243721	Trust: 0.6
title:	Certain NETGEAR devices Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138130	Trust: 0.6

sources: CNVD: CNVD-2021-03354 // JVNDB: JVNDB-2020-014791 // CNNVD: CNNVD-202012-1751

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35793	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-014791	Trust: 0.8
db:	CNVD	id:	CNVD-2021-03354	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-1751	Trust: 0.6

sources: CNVD: CNVD-2021-03354 // JVNDB: JVNDB-2020-014791 // CNNVD: CNNVD-202012-1751 // NVD: CVE-2020-35793

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-35793	Trust: 2.0
url:	https://kb.netgear.com/000062725/security-advisory-for-post-authentication-command-injection-on-some-routers-psv-2019-0185	Trust: 1.6

sources: CNVD: CNVD-2021-03354 // JVNDB: JVNDB-2020-014791 // CNNVD: CNNVD-202012-1751 // NVD: CVE-2020-35793

SOURCES

db:	CNVD	id:	CNVD-2021-03354
db:	JVNDB	id:	JVNDB-2020-014791
db:	CNNVD	id:	CNNVD-202012-1751
db:	NVD	id:	CVE-2020-35793

LAST UPDATE DATE

2024-11-23T22:11:10.378000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-03354	date:	2021-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-014791	date:	2021-08-31T05:13:00
db:	CNNVD	id:	CNNVD-202012-1751	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-35793	date:	2024-11-21T05:28:07.030

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-03354	date:	2020-12-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-014791	date:	2021-08-31T00:00:00
db:	CNNVD	id:	CNNVD-202012-1751	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-35793	date:	2020-12-30T00:15:13.940