HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2020-35785

CVSS 8.3v3.1pub. 2020-12-30upd. 2024-11-21

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).

CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Netgear Dgn2200

    HW
    Netgear
    v1
  • Netgear Dgn2200 Firmware

    OS
    Netgear
    < 1.0.0.60
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2017-6077CRITICAL9.8⚠ KEVten sam produkt

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execu...

CVE-2021-38516CRITICAL10.0ten sam produkt

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 befor...

CVE-2019-17373CRITICAL9.8ten sam produkt

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending wi...

CVE-2016-5649CRITICAL9.8ten sam produkt

A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, an...

CVE-2024-57046HIGH8.8ten sam produkt

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized...