CVE-2020-26907
CRITICAL9.6CVSS v3
7.7CVSS v2
0.38%
EPSS (exploit probability)
CWE-77CWE
Description
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.
CVSS v3 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected routers (2)
| Vendor | Model | Matched via | Affected versions | Fixed in | Patch? |
|---|---|---|---|---|---|
| Netgear | Netgear Orbi RBK852 | — |
— | — | No |
| Netgear | Netgear Orbi RBR850 | — |
— | — | No |