NETGEAR devices command execution |
NAME
NETGEAR devices command execution
- Platforms Affected:
NETGEAR RBK752
NETGEAR RBR750
NETGEAR RBS750
NETGEAR RBK852
NETGEAR RBS850
NETGEAR MK62
NETGEAR MS60
NETGEAR CBR40
NETGEAR RBR850
NETGEAR RAX15
NETGEAR RAX20
NETGEAR RAX200
NETGEAR RAX50
NETGEAR RAX75
NETGEAR RAX80
NETGEAR MR60 - Risk Level:
8.4 - Exploitability:
Unproven - Consequences:
Gain Access
DESCRIPTION
NETGEAR devices could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. An attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS 3.0 Information
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Access Vector: Adjacent Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to NETGEAR Security Advisory: PSV-2020-0104 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://kb.netgear.com/000064764/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0104?article=000064764 - Reference Link:
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.