1. Home
  2. CVE Database
  3. CVE-2020-26922
MEDIUM · 6.4

CVE-2020-26922

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

Vulnerability Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
NetgearWc7500 Firmware< 6.5.5.24
NetgearWc7500-
NetgearWc7600 Firmware< 6.5.5.24
NetgearWc7600-
NetgearWc7600V2 Firmware< 6.5.5.24
NetgearWc7600V2-
NetgearWc9500 Firmware< 6.5.5.24
NetgearWc9500-

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2020-26922?

CVE-2020-26922 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

How severe is CVE-2020-26922?

CVE-2020-26922 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-26922?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wc7500 Firmware, Netgear Wc7500, Netgear Wc7600 Firmware, Netgear Wc7600, Netgear Wc7600V2 Firmware.