CVE-2020-26922

MEDIUM

NETGEAR WC7500 WC7600 WC7600v2 WC9500 < 6.5.5.24 - Authenticated Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://kb.netgear.com/000062330/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2020-0139

Scores

CVSS v3 6.4

EPSS 0.0021

EPSS Percentile 43.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (4)

netgear/wc7500_firmware < 6.5.5.24

netgear/wc7600_firmware < 6.5.5.24

netgear/wc7600v2_firmware < 6.5.5.24

netgear/wc9500_firmware < 6.5.5.24

Published Oct 09, 2020

Tracked Since Feb 18, 2026