9.8 - CVE-2020-35796

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2020-35796	First vendor Publication	2020-12-30
Vendor	Cve	Last vendor Modification	2021-01-04

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	9.8
Base Score	9.8	Environmental Score	9.8
impact SubScore	5.9	Temporal Score	9.8
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100 before 1.0.2.28, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150 before 1.0.0.46, EX6200 before 1.0.3.94, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6250 before 1.0.4.42, R6300v2 before 1.0.4.42, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6700 before 1.0.2.16, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V-200 before 1.0.0.46, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3500RP before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35796

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Os	Netgear Cbr40 Firmware cpe:2.3:o:netgear:cbr40_firmware::::::::	1
Os	Netgear D6220 Firmware cpe:2.3:o:netgear:d6220_firmware:1.0.0.22:::::::* cpe:2.3:o:netgear:d6220_firmware:1.0.0.12:::::::* cpe:2.3:o:netgear:d6220_firmware:::::::: cpe:2.3:o:netgear:d6220_firmware:-:::::::*	4
Os	Netgear D6400 Firmware cpe:2.3:o:netgear:d6400_firmware:1.0.0.56:::::::* cpe:2.3:o:netgear:d6400_firmware:1.0.0.44:::::::* cpe:2.3:o:netgear:d6400_firmware:::::::: cpe:2.3:o:netgear:d6400_firmware:-:::::::*	4
Os	Netgear D7000V2 Firmware cpe:2.3:o:netgear:d7000v2_firmware::::::::	1
Os	Netgear D8500 Firmware cpe:2.3:o:netgear:d8500_firmware:::::::: cpe:2.3:o:netgear:d8500_firmware:-:::::::*	2
Os	Netgear Dc112A Firmware cpe:2.3:o:netgear:dc112a_firmware:::::::: cpe:2.3:o:netgear:dc112a_firmware:-:::::::*	2
Os	Netgear Dgn2200V4 Firmware cpe:2.3:o:netgear:dgn2200v4_firmware::::::::	1
Os	Netgear Eax20 Firmware cpe:2.3:o:netgear:eax20_firmware::::::::	1
Os	Netgear Eax80 Firmware cpe:2.3:o:netgear:eax80_firmware::::::::	1
Os	Netgear Ex3700 Firmware cpe:2.3:o:netgear:ex3700_firmware::::::::	1
Os	Netgear Ex3800 Firmware cpe:2.3:o:netgear:ex3800_firmware::::::::	1
Os	Netgear Ex3920 Firmware cpe:2.3:o:netgear:ex3920_firmware::::::::	1
Os	Netgear Ex6000 Firmware cpe:2.3:o:netgear:ex6000_firmware::::::::	1
Os	Netgear Ex6100 Firmware cpe:2.3:o:netgear:ex6100_firmware::::::::	1
Os	Netgear Ex6120 Firmware cpe:2.3:o:netgear:ex6120_firmware::::::::	1
Os	Netgear Ex6130 Firmware cpe:2.3:o:netgear:ex6130_firmware::::::::	1
Os	Netgear Ex6150 Firmware cpe:2.3:o:netgear:ex6150_firmware::::::::	1
Os	Netgear Ex6200 Firmware cpe:2.3:o:netgear:ex6200_firmware::::::::	1
Os	Netgear Ex6920 Firmware cpe:2.3:o:netgear:ex6920_firmware::::::::	1
Os	Netgear Ex7000 Firmware cpe:2.3:o:netgear:ex7000_firmware:1.0.0.42_1.0.94:::::::* cpe:2.3:o:netgear:ex7000_firmware::::::::	2
Os	Netgear Ex7500 Firmware cpe:2.3:o:netgear:ex7500_firmware::::::::	1
Os	Netgear Mk62 Firmware cpe:2.3:o:netgear:mk62_firmware::::::::	1
Os	Netgear Mr60 Firmware cpe:2.3:o:netgear:mr60_firmware::::::::	1
Os	Netgear Ms60 Firmware cpe:2.3:o:netgear:ms60_firmware::::::::	1
Os	Netgear R6250 Firmware cpe:2.3:o:netgear:r6250_firmware:1.0.4.6_10.1.12:::::::* cpe:2.3:o:netgear:r6250_firmware:::::::: cpe:2.3:o:netgear:r6250_firmware:-:::::::*	3
Os	Netgear R6300V2 Firmware cpe:2.3:o:netgear:r6300v2_firmware:1.0.4.8:::::::* cpe:2.3:o:netgear:r6300v2_firmware:::::::: cpe:2.3:o:netgear:r6300v2_firmware:-:::::::*	3
Os	Netgear R6400 Firmware cpe:2.3:o:netgear:r6400_firmware:1.0.1.18:::::::* cpe:2.3:o:netgear:r6400_firmware:::::::: cpe:2.3:o:netgear:r6400_firmware:-:::::::*	3
Os	Netgear R6400V2 Firmware cpe:2.3:o:netgear:r6400v2_firmware::::::::	1
Os	Netgear R6700 Firmware cpe:2.3:o:netgear:r6700_firmware:1.0.1.14:::::::* cpe:2.3:o:netgear:r6700_firmware:1.0.0.26:::::::* cpe:2.3:o:netgear:r6700_firmware:::::::: cpe:2.3:o:netgear:r6700_firmware:-:::::::*	4
Os	Netgear R6700V3 Firmware cpe:2.3:o:netgear:r6700v3_firmware::::::::	1
Os	Netgear R6900 Firmware cpe:2.3:o:netgear:r6900_firmware:1.0.1.14:::::::* cpe:2.3:o:netgear:r6900_firmware:::::::: cpe:2.3:o:netgear:r6900_firmware:-:::::::*	3
Os	Netgear R6900P Firmware cpe:2.3:o:netgear:r6900p_firmware:::::::: cpe:2.3:o:netgear:r6900p_firmware:-:::::::*	2
Os	Netgear R7000 Firmware cpe:2.3:o:netgear:r7000_firmware:1.0.7.2_1.1.93:::::::* cpe:2.3:o:netgear:r7000_firmware:::::::: cpe:2.3:o:netgear:r7000_firmware:-:::::::*	3
Os	Netgear R7000P Firmware cpe:2.3:o:netgear:r7000p_firmware:1.3.1.64:::::::* cpe:2.3:o:netgear:r7000p_firmware:1.3.0.8:::::::* cpe:2.3:o:netgear:r7000p_firmware:::::::: cpe:2.3:o:netgear:r7000p_firmware:-:::::::*	4
Os	Netgear R7100Lg Firmware cpe:2.3:o:netgear:r7100lg_firmware:1.0.0.28:::::::* cpe:2.3:o:netgear:r7100lg_firmware:::::::: cpe:2.3:o:netgear:r7100lg_firmware:-:::::::*	3
Os	Netgear R7850 Firmware cpe:2.3:o:netgear:r7850_firmware::::::::	1
Os	Netgear R7900 Firmware cpe:2.3:o:netgear:r7900_firmware:1.0.3.810.037:::::::* cpe:2.3:o:netgear:r7900_firmware:1.0.1.8:::::::* cpe:2.3:o:netgear:r7900_firmware:::::::: cpe:2.3:o:netgear:r7900_firmware:-:::::::*	4
Os	Netgear R7900P Firmware cpe:2.3:o:netgear:r7900p_firmware:::::::: cpe:2.3:o:netgear:r7900p_firmware:-:::::::*	2
Os	Netgear R7960P Firmware cpe:2.3:o:netgear:r7960p_firmware::::::::	1
Os	Netgear R8000 Firmware cpe:2.3:o:netgear:r8000_firmware:1.0.4.56:::::::* cpe:2.3:o:netgear:r8000_firmware:1.0.4.28_10.1.54:::::::* cpe:2.3:o:netgear:r8000_firmware:1.0.3.26:::::::* cpe:2.3:o:netgear:r8000_firmware:::::::: cpe:2.3:o:netgear:r8000_firmware:-:::::::*	5
Os	Netgear R8000P Firmware cpe:2.3:o:netgear:r8000p_firmware:::::::: cpe:2.3:o:netgear:r8000p_firmware:-:::::::*	2
Os	Netgear R8300 Firmware cpe:2.3:o:netgear:r8300_firmware:::::::: cpe:2.3:o:netgear:r8300_firmware:-:::::::*	2
Os	Netgear R8500 Firmware cpe:2.3:o:netgear:r8500_firmware:::::::: cpe:2.3:o:netgear:r8500_firmware:-:::::::*	2
Os	Netgear Rax15 Firmware cpe:2.3:o:netgear:rax15_firmware::::::::	1
Os	Netgear Rax20 Firmware cpe:2.3:o:netgear:rax20_firmware::::::::	1
Os	Netgear Rax200 Firmware cpe:2.3:o:netgear:rax200_firmware::::::::	1
Os	Netgear Rax50 Firmware cpe:2.3:o:netgear:rax50_firmware::::::::	1
Os	Netgear Rax75 Firmware cpe:2.3:o:netgear:rax75_firmware::::::::	1
Os	Netgear Rax80 Firmware cpe:2.3:o:netgear:rax80_firmware::::::::	1
Os	Netgear Rbk752 Firmware cpe:2.3:o:netgear:rbk752_firmware::::::::	1
Os	Netgear Rbk842 Firmware cpe:2.3:o:netgear:rbk842_firmware::::::::	1
Os	Netgear Rbk852 Firmware cpe:2.3:o:netgear:rbk852_firmware::::::::	1
Os	Netgear Rbr750 Firmware cpe:2.3:o:netgear:rbr750_firmware::::::::	1
Os	Netgear Rbr840 Firmware cpe:2.3:o:netgear:rbr840_firmware::::::::	1
Os	Netgear Rbr850 Firmware cpe:2.3:o:netgear:rbr850_firmware::::::::	1
Os	Netgear rbs40v-200 Firmware cpe:2.3:o:netgear:rbs40v-200_firmware::::::::	1
Os	Netgear Rbs750 Firmware cpe:2.3:o:netgear:rbs750_firmware::::::::	1
Os	Netgear Rbs840 Firmware cpe:2.3:o:netgear:rbs840_firmware::::::::	1
Os	Netgear Rbs850 Firmware cpe:2.3:o:netgear:rbs850_firmware::::::::	1
Os	Netgear Rbw30 Firmware cpe:2.3:o:netgear:rbw30_firmware::::::::	1
Os	Netgear Rs400 Firmware cpe:2.3:o:netgear:rs400_firmware::::::::	1
Os	Netgear Rx45 Firmware cpe:2.3:o:netgear:rx45_firmware::::::::	1
Os	Netgear Wn2500Rpv2 Firmware cpe:2.3:o:netgear:wn2500rpv2_firmware:::::::: cpe:2.3:o:netgear:wn2500rpv2_firmware:-:::::::*	2
Os	Netgear Wn3500Rp Firmware cpe:2.3:o:netgear:wn3500rp_firmware::::::::	1
Os	Netgear Wndr3400V3 Firmware cpe:2.3:o:netgear:wndr3400v3_firmware::::::::	1
Os	Netgear Wnr1000V3 Firmware cpe:2.3:o:netgear:wnr1000v3_firmware:1.0.2.68_60.0.93:::::::* cpe:2.3:o:netgear:wnr1000v3_firmware:1.0.2.68:::::::* cpe:2.3:o:netgear:wnr1000v3_firmware:::::::: cpe:2.3:o:netgear:wnr1000v3_firmware:-:::::::*	4
Os	Netgear Wnr2000V2 Firmware cpe:2.3:o:netgear:wnr2000v2_firmware:::::::: cpe:2.3:o:netgear:wnr2000v2_firmware:-:::::::*	2
Os	Netgear Wnr3500Lv2 Firmware cpe:2.3:o:netgear:wnr3500lv2_firmware::::::::	1
Os	Netgear Xr300 Firmware cpe:2.3:o:netgear:xr300_firmware::::::::	1

Sources (Detail)

Source	Url
MISC	https://kb.netgear.com/000062717/Security-Advisory-for-Pre-Authentication-Buf...

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-08-10 01:57:08	Multiple Updates
2023-05-09 01:56:34	Multiple Updates
2022-11-24 01:51:38	Multiple Updates
2022-09-13 01:55:05	Multiple Updates
2021-01-04 17:22:54	Multiple Updates
2020-12-31 01:31:44	Multiple Updates
2020-12-31 01:30:11	Multiple Updates
2020-12-30 17:22:51	Multiple Updates
2020-12-30 05:22:50	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	113
Sources(s)	1

9.8 - CVE-2020-35796

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU