CVE-2020-35789
HIGH WAF: High
CVSS 8.8
Published: 2020-12-30
CWE-20 CWE-78
NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| netgear | nms300_firmware | up to 1.6.0.27 |
References
- kb.netgear.com (Vendor Advisory)