NETGEAR devices command execution |
NAME
NETGEAR devices command execution
- Platforms Affected:
NETGEAR R7000P
NETGEAR R8000
NETGEAR RBR750
NETGEAR RBS750
NETGEAR RBK852
NETGEAR RBR850
NETGEAR RBS850
NETGEAR MK62
NETGEAR MS60
NETGEAR RBK752
NETGEAR R7000
NETGEAR R7900
NETGEAR R7960P
NETGEAR RAX15
NETGEAR RAX20
NETGEAR RAX200
NETGEAR RAX45
NETGEAR RAX50
NETGEAR RAX75
NETGEAR RAX80
NETGEAR MR60
NETGEAR R8000P
NETGEAR R7900P - Risk Level:
8.4 - Exploitability:
Unproven - Consequences:
Gain Access
DESCRIPTION
NETGEAR devices could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. An attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS 3.0 Information
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Access Vector: Adjacent Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to NETGEAR Security Advisory: PSV-2020-0220 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://kb.netgear.com/000064767/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0220?article=000064767 - Reference Link:
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
