Details of VAR-202012-1188

ID

VAR-202012-1188

CVE

CVE-2020-35789

TITLE

NETGEAR NMS300 In the device OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-014981

DESCRIPTION

NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user. NETGEAR NMS300 The device has OS There are command injection vulnerabilities and input verification vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR NMS300 is a ProSAFE network management system. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2020-35789 // JVNDB: JVNDB-2020-014981 // CNVD: CNVD-2020-75523

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-75523

AFFECTED PRODUCTS

vendor:	netgear	model:	nms300	scope:	lt	version:	1.6.0.27	Trust: 1.6
vendor:	ネットギア	model:	nms300	scope:	eq	version:	nms300 firmware 1.6.0.27	Trust: 0.8
vendor:	ネットギア	model:	nms300	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2020-75523 // JVNDB: JVNDB-2020-014981 // NVD: CVE-2020-35789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35789
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2020-35789
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-35789
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-75523
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202012-1801
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-35789
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-75523
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-35789
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-014981
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-75523 // JVNDB: JVNDB-2020-014981 // CNNVD: CNNVD-202012-1801 // NVD: CVE-2020-35789 // NVD: CVE-2020-35789

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-78	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8
problemtype:	OS Command injection (CWE-78) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014981 // NVD: CVE-2020-35789

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1801

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202012-1801

PATCH

title:	Security Advisory for Post-Authentication Command Injection on NMS300, PSV-2020-0559	url:	https://kb.netgear.com/000062686/Security-Advisory-for-Post-Authentication-Command-Injection-on-NMS300-PSV-2020-0559	Trust: 0.8
title:	Patch for NETGEAR NMS300 command injection vulnerability (CNVD-2020-75523)	url:	https://www.cnvd.org.cn/patchInfo/show/242992	Trust: 0.6
title:	Netgear NMS300 Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138292	Trust: 0.6

sources: CNVD: CNVD-2020-75523 // JVNDB: JVNDB-2020-014981 // CNNVD: CNNVD-202012-1801

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35789	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-014981	Trust: 0.8
db:	CNVD	id:	CNVD-2020-75523	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-1801	Trust: 0.6

sources: CNVD: CNVD-2020-75523 // JVNDB: JVNDB-2020-014981 // CNNVD: CNNVD-202012-1801 // NVD: CVE-2020-35789

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-35789	Trust: 2.0
url:	https://kb.netgear.com/000062686/security-advisory-for-post-authentication-command-injection-on-nms300-psv-2020-0559	Trust: 1.6

sources: CNVD: CNVD-2020-75523 // JVNDB: JVNDB-2020-014981 // CNNVD: CNNVD-202012-1801 // NVD: CVE-2020-35789

SOURCES

db:	CNVD	id:	CNVD-2020-75523
db:	JVNDB	id:	JVNDB-2020-014981
db:	CNNVD	id:	CNNVD-202012-1801
db:	NVD	id:	CVE-2020-35789

LAST UPDATE DATE

2024-11-23T21:35:01.621000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-75523	date:	2020-12-31T00:00:00
db:	JVNDB	id:	JVNDB-2020-014981	date:	2021-09-07T06:17:00
db:	CNNVD	id:	CNNVD-202012-1801	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-35789	date:	2024-11-21T05:28:06.247

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-75523	date:	2020-12-31T00:00:00
db:	JVNDB	id:	JVNDB-2020-014981	date:	2021-09-07T00:00:00
db:	CNNVD	id:	CNNVD-202012-1801	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-35789	date:	2020-12-30T00:15:13.690