HIGH✓ PATCH🇬🇧 English

CVE-2020-35785

CVSS 8.3v3.1pub. 2020-12-30upd. 2024-11-21

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Netgear Dgn2200

    HW
    Netgear
    v1
  • Netgear Dgn2200 Firmware

    OS
    Netgear
    < 1.0.0.60
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2017-6077CRITICAL9.8⚠ KEVten sam produkt

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execu...

CVE-2021-38516CRITICAL10.0ten sam produkt

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 befor...

CVE-2019-17373CRITICAL9.8ten sam produkt

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending wi...

CVE-2016-5649CRITICAL9.8ten sam produkt

A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, an...

CVE-2024-57046HIGH8.8ten sam produkt

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized...

CVE-2020-35785 — HIGH 8.3 | CVEbaza.pl