CVE-2020-35790: Command Injection
First published: Wed Dec 30 2020(Updated: )
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear D7800 Firmware | <1.0.1.56 | |
| Netgear D7800 | ||
| NETGEAR R7800 firmware | <1.0.2.68 | |
| NETGEAR R7800 | ||
| Netgear R8900 Firmware | <1.0.4.26 | |
| NETGEAR R8900 | ||
| Netgear R9000 Firmware | <1.0.4.26 | |
| NETGEAR R9000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability CVE-2020-35790?
The vulnerability CVE-2020-35790 refers to a command injection vulnerability that affects certain NETGEAR devices.
Which NETGEAR devices are affected by CVE-2020-35790?
CVE-2020-35790 affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.
What is the severity of CVE-2020-35790?
CVE-2020-35790 has a severity score of 6.8, which is considered medium.
How does CVE-2020-35790 exploit work?
CVE-2020-35790 allows an authenticated user to execute arbitrary commands on the affected NETGEAR devices.
How can I fix CVE-2020-35790?
To fix CVE-2020-35790, it is recommended to update the firmware of D7800, R7800, R8900, and R9000 devices to versions above 1.0.1.56, 1.0.2.68, 1.0.4.26 respectively.