CVE-2020-35797
CRITICAL WAF: Medium
CVSS 9.8
Published: 2020-12-30
CWE-434
NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| netgear | nms300_firmware | up to 1.6.0.27 |
References
- kb.netgear.com (Vendor Advisory)