CVE-2020-14435

CWE-77 — Command Injection CWE-743 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 56.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Srk60 Firmware Netgear Srk60b03 Firmware Netgear Srk60b04 Firmware +4 more

Timeline

PublishedJun 18

Latest updateMay 24

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05 before 2.5.2.104, and SRK60B06 before 2.5.2.104.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶NVDnetgear/srk60b03_firmware< 2.5.2.104

▶NVDnetgear/srk60b04_firmware< 2.5.2.104

▶NVDnetgear/srk60b05_firmware< 2.5.2.104

▶NVDnetgear/srk60b06_firmware< 2.5.2.104

▶NVDnetgear/srk60_firmware< 2.5.2.104

🔴Vulnerability Details

GHSA

GHSA-9477-3f5g-fjxm: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker↗2022-05-24

▶

CVEList

CVE-2020-14435: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker↗2020-06-18

▶