CVE-2020-35798

CRITICAL

NETGEAR Multiple Routers - Unauthenticated Command Injection

Title source: llm
STIX 2.1

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7960P before 1.4.1.50, R8000 before 1.0.4.52, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.1.12, RAX45 before 1.0.2.66, RAX50 before 1.0.2.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RS400 before 1.5.0.48, and XR300 before 1.0.3.50.

References (1)

Core 1

Scores

CVSS v3 9.3
EPSS 0.0038
EPSS Percentile 59.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (30)
netgear/r6400v2_firmware < 1.0.4.84
netgear/r6700v3_firmware < 1.0.4.84
netgear/r6900p_firmware < 1.3.2.124
netgear/r7000_firmware < 1.0.11.100
netgear/r7000p_firmware < 1.3.2.124
netgear/r7800_firmware < 1.0.2.74
netgear/r7850_firmware < 1.0.5.60
netgear/r7900_firmware < 1.0.4.26
netgear/r7900p_firmware < 1.4.1.50
netgear/r7960p_firmware < 1.4.1.50
... and 20 more
Published Dec 30, 2020
Tracked Since Feb 18, 2026