CVE-2019-20710Command Injection in Netgear D3600 Firmware

CWE-77Command InjectionCWE-78OS Command InjectionCWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
8.0HIGHNVD
EPSS
0.3%
top 45.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Netgear D3600 FirmwareNetgear D6000 FirmwareNetgear Xr500 Firmware
Timeline
PublishedApr 16
Latest updateMay 24

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages3 packages

NVDnetgear/d3600_firmware< 1.0.0.76
NVDnetgear/d6000_firmware< 1.0.0.76
NVDnetgear/xr500_firmware< 2.3.2.32

🔴Vulnerability Details

2
GHSA
GHSA-wx73-f633-64gg: Certain NETGEAR devices are affected by command injection by an authenticated user2022-05-24
CVEList
CVE-2019-20710: Certain NETGEAR devices are affected by command injection by an authenticated user2020-04-16

📋Vendor Advisories

1
Red Hat
yaml-cpp: remote dos via crafted YAML file in function SingleDocParser::HandleFlowSequence2019-01-14
CVE-2019-20710 — Command Injection in Netgear | cvebase