Command Injection Vulnerability in NETGEAR Wi-Fi Systems
CVE-2020-26920

8.8HIGH

Key Information:

Vendor: Netgear
Status: Srk60 Firmware
Vendor: CVE Published:; 9 October 2020

What is CVE-2020-26920?

Certain NETGEAR Wi-Fi systems are susceptible to a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands. This affects models SRK60, SRR60, and SRS60, all of which need to be updated to version 2.5.3.110 or later to mitigate potential risks. Users are advised to apply the latest firmware updates to secure their devices against this vulnerability, ensuring optimal protection for their network environment.

References

https://kb.netgear.com/000062333/Security-Advisory-for-Pr...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2020
Vulnerability Reserved
Oct 9, 2020

Netgear

What is CVE-2020-26920?

References

CVSS V3.1

Timeline