CVE-2020-35791

MEDIUM

NETGEAR R7800/R8900/R9000 Firmware - Authenticated Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.68, R8900 before 1.0.5.2, and R9000 before 1.0.5.2.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://kb.netgear.com/000062714/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0079

Scores

CVSS v3 6.4

EPSS 0.0010

EPSS Percentile 27.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (3)

netgear/r7800_firmware < 1.0.2.68

netgear/r8900_firmware < 1.0.5.2

netgear/r9000_firmware < 1.0.5.2

Published Dec 30, 2020

Tracked Since Feb 18, 2026