CVE-2020-35798: Command Injection
First published: Tue Dec 29 2020(Updated: )
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7960P before 1.4.1.50, R8000 before 1.0.4.52, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.1.12, RAX45 before 1.0.2.66, RAX50 before 1.0.2.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RS400 before 1.5.0.48, and XR300 before 1.0.3.50.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear R6400v2 Firmware | <1.0.4.84 | |
| NETGEAR R6400v2 | ||
| Netgear R6700v3 Firmware | <1.0.4.84 | |
| NETGEAR R6700v3 | ||
| Netgear R6900p Firmware | <1.3.2.124 | |
| Netgear R6900P | ||
| Netgear R7000 Firmware | <1.0.11.100 | |
| NETGEAR R7000 | ||
| Netgear R7000p Firmware | <1.3.2.124 | |
| Netgear R7000P | ||
| NETGEAR R7800 firmware | <1.0.2.74 | |
| NETGEAR R7800 | ||
| Netgear R7850 Firmware | <1.0.5.60 | |
| NETGEAR R6400v2 | ||
| Netgear R7900 Firmware | <1.0.4.26 | |
| Netgear R7900 | ||
| Netgear R7960p Firmware | <1.4.1.50 | |
| Netgear R7960p | ||
| Netgear R8000 Firmware | <1.0.4.52 | |
| NETGEAR R8000 | ||
| Netgear R7900p Firmware | <1.4.1.50 | |
| Netgear R7900p | ||
| Netgear R8000p Firmware | <1.4.1.50 | |
| Netgear R8000p | ||
| Netgear Rax15 Firmware | <1.0.1.64 | |
| Netgear Rax15 | ||
| Netgear Rax20 Firmware | <1.0.1.64 | |
| Netgear Rax20 | ||
| Netgear Rax200 Firmware | <1.0.1.12 | |
| NETGEAR RAX200 | ||
| Netgear Rax45 Firmware | <1.0.2.66 | |
| Netgear Rax45 | ||
| Netgear Rax50 Firmware | <1.0.2.66 | |
| Netgear Rax50 | ||
| Netgear Rax75 Firmware | <1.0.3.102 | |
| Netgear Rax75 | ||
| Netgear Rax80 Firmware | <1.0.3.102 | |
| Netgear Rax80 | ||
| Netgear Rbk752 Firmware | <3.2.16.6 | |
| Netgear Rbk752 | ||
| Netgear Rbr750 Firmware | <3.2.16.6 | |
| Netgear Rbr750 | ||
| Netgear Rbs750 Firmware | <3.2.16.6 | |
| Netgear Rbs750 | ||
| Netgear Rbk852 Firmware | <3.2.15.25 | |
| Netgear Rbk852 | ||
| Netgear Rbr850 Firmware | <3.2.15.25 | |
| NETGEAR RBR850 | ||
| Netgear Rbs850 Firmware | <3.2.15.25 | |
| Netgear Rbs850 | ||
| Netgear Rbk842 Firmware | <3.2.15.25 | |
| Netgear Rbk842 | ||
| Netgear Rbr840 Firmware | <3.2.15.25 | |
| Netgear Rbr840 | ||
| Netgear Rbs840 Firmware | <3.2.15.25 | |
| Netgear Rbs840 | ||
| Netgear Rs400 Firmware | <1.5.0.48 | |
| Netgear Rs400 | ||
| Netgear Xr300 Firmware | <1.0.3.50 | |
| Netgear XR300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
Which devices are affected by CVE-2020-35798?
NETGEAR R6400v2, R6700v3, R6900P, R7000, R7000P, R7800, R7850, R7900, R7960p, R8000, R8000p, Rax15, Rax20, Rax200, Rax45, Rax50, Rax75, Rax80, Rbk752, Rbr750, Rbs750, Rbk852, Rbr850, Rbs850, Rbk842, Rbr840, Rbs840, Rs400, XR300.
What is the severity level of CVE-2020-35798?
The severity level of CVE-2020-35798 is critical.
How does CVE-2020-35798 impact NETGEAR devices?
CVE-2020-35798 allows an unauthenticated attacker to execute arbitrary commands on affected NETGEAR devices.
Is my device vulnerable to CVE-2020-35798?
If you have one of the affected NETGEAR devices mentioned in the advisory, your device could be vulnerable to CVE-2020-35798.
How can I mitigate the vulnerability in my NETGEAR device?
To mitigate the vulnerability, update your device's firmware to the latest version provided by NETGEAR.
- collector/nvd-index
- agent/weakness
- agent/description
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/netgear
- canonical/netgear r6400v2 firmware
- canonical/netgear r6400v2
- canonical/netgear r6700v3 firmware
- canonical/netgear r6700v3
- canonical/netgear r6900p firmware
- canonical/netgear r6900p
- canonical/netgear r7000 firmware
- canonical/netgear r7000
- canonical/netgear r7000p firmware
- canonical/netgear r7000p
- canonical/netgear r7800 firmware
- canonical/netgear r7800
- canonical/netgear r7850 firmware
- canonical/netgear r7900 firmware
- canonical/netgear r7900
- canonical/netgear r7960p firmware
- canonical/netgear r7960p
- canonical/netgear r8000 firmware
- canonical/netgear r8000
- canonical/netgear r7900p firmware
- canonical/netgear r7900p
- canonical/netgear r8000p firmware
- canonical/netgear r8000p
- canonical/netgear rax15 firmware
- canonical/netgear rax15
- canonical/netgear rax20 firmware
- canonical/netgear rax20
- canonical/netgear rax200 firmware
- canonical/netgear rax200
- canonical/netgear rax45 firmware
- canonical/netgear rax45
- canonical/netgear rax50 firmware
- canonical/netgear rax50
- canonical/netgear rax75 firmware
- canonical/netgear rax75
- canonical/netgear rax80 firmware
- canonical/netgear rax80
- canonical/netgear rbk752 firmware
- canonical/netgear rbk752
- canonical/netgear rbr750 firmware
- canonical/netgear rbr750
- canonical/netgear rbs750 firmware
- canonical/netgear rbs750
- canonical/netgear rbk852 firmware
- canonical/netgear rbk852
- canonical/netgear rbr850 firmware
- canonical/netgear rbr850
- canonical/netgear rbs850 firmware
- canonical/netgear rbs850
- canonical/netgear rbk842 firmware
- canonical/netgear rbk842
- canonical/netgear rbr840 firmware
- canonical/netgear rbr840
- canonical/netgear rbs840 firmware
- canonical/netgear rbs840
- canonical/netgear rs400 firmware
- canonical/netgear rs400
- canonical/netgear xr300 firmware
- canonical/netgear xr300