CVE-2020-35795 : Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.

Published 2020-12-30 00:15:14

Updated 2021-01-04 14:43:54

Source MITRE

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2020-35795

Netgear » R6400 Firmware
Versions before (<) 1.0.1.62
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6400 » Version: N/A
Netgear » R6700 Firmware
Versions before (<) 1.0.2.16
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6700 » Version: N/A
Netgear » R6900 Firmware
Versions before (<) 1.0.2.16
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6900 » Version: N/A
Netgear » R7000 Firmware
Versions before (<) 1.0.11.106
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7000 » Version: N/A
Netgear » R7900 Firmware
Versions before (<) 1.0.4.26
cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7900 » Version: N/A
Netgear » R8000 Firmware
Versions before (<) 1.0.4.58
cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R8000 » Version: N/A
Netgear » R6220 Firmware
Versions before (<) 1.1.0.100
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6220 » Version: N/A
Netgear » R6120 Firmware
Versions before (<) 1.0.0.70
cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6120 » Version: N/A
Netgear » R6800 Firmware
Versions before (<) 1.2.0.72
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6800 » Version: N/A
Netgear » R7000p Firmware
Versions before (<) 1.3.2.124
cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7000p » Version: N/A
Netgear » R6900p Firmware
Versions before (<) 1.3.2.124
cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6900p » Version: N/A
Netgear » R7800 Firmware
Versions before (<) 1.0.2.74
cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7800 » Version: N/A
Netgear » R9000 Firmware
Versions before (<) 1.0.5.24
cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R9000 » Version: N/A
Netgear » D7800 Firmware
Versions before (<) 1.0.1.58
cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D7800 » Version: N/A
Netgear » R7900p Firmware
Versions before (<) 1.4.1.62
cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7900p » Version: N/A
Netgear » R8000p Firmware
Versions before (<) 1.4.1.62
cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R8000p » Version: N/A
Netgear » R8900 Firmware
Versions before (<) 1.0.5.24
cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R8900 » Version: N/A
Netgear » Xr500 Firmware
Versions before (<) 2.3.2.66
cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Xr500 » Version: N/A
Netgear » Xr700 Firmware
Versions before (<) 1.0.1.34
cpe:2.3:o:netgear:xr700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Xr700 » Version: N/A
Netgear » R6230 Firmware
Versions before (<) 1.1.0.100
cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6230 » Version: N/A
Netgear » R6260 Firmware
Versions before (<) 1.1.0.76
cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6260 » Version: N/A
Netgear » Rbr20 Firmware
Versions before (<) 2.6.1.36
cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbr20 » Version: N/A
Netgear » Rbs20 Firmware
Versions before (<) 2.6.1.38
cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbs20 » Version: N/A
Netgear » Rbk20 Firmware
Versions before (<) 2.6.1.38
cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbk20 » Version: N/A
Netgear » Rbr40 Firmware
Versions before (<) 2.6.1.36
cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbr40 » Version: N/A
Netgear » Rbs40 Firmware
Versions before (<) 2.6.1.38
cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbs40 » Version: N/A
Netgear » Rbk40 Firmware
Versions before (<) 2.6.1.38
cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbk40 » Version: N/A
Netgear » Rbr50 Firmware
Versions before (<) 2.6.1.40
cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbr50 » Version: N/A
Netgear » Rbs50 Firmware
Versions before (<) 2.6.1.40
cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbs50 » Version: N/A
Netgear » Rbk50 Firmware
Versions before (<) 2.6.1.40
cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbk50 » Version: N/A
Netgear » Xr450 Firmware
Versions before (<) 2.3.2.66
cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Xr450 » Version: N/A
Netgear » Ex7500 Firmware
Versions before (<) 1.0.0.68
cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Ex7500 » Version: N/A
Netgear » Rax120 Firmware
Versions before (<) 1.0.1.136
cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rax120 » Version: N/A
Netgear » Rbk12 Firmware
Versions before (<) 2.6.1.44
cpe:2.3:o:netgear:rbk12_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbk12 » Version: N/A
Netgear » Rbr10 Firmware
Versions before (<) 2.6.1.44
cpe:2.3:o:netgear:rbr10_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbr10 » Version: N/A
Netgear » Rbs10 Firmware
Versions before (<) 2.6.1.44
cpe:2.3:o:netgear:rbs10_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbs10 » Version: N/A
Netgear » Rbr850 Firmware
Versions before (<) 3.2.16.6
cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbr850 » Version: N/A
Netgear » Rbk852 Firmware
Versions before (<) 3.2.16.6
cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbk852 » Version: N/A
Netgear » Rbs850 Firmware
Versions before (<) 3.2.16.6
cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbs850 » Version: N/A
Netgear » Rbk752 Firmware
Versions before (<) 3.2.16.6
cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbk752 » Version: N/A
Netgear » Rbr750 Firmware
Versions before (<) 3.2.16.6
cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbr750 » Version: N/A
Netgear » Rbs750 Firmware
Versions before (<) 3.2.16.6
cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbs750 » Version: N/A
Netgear » Cbr40 Firmware
Versions before (<) 2.5.0.10
cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Cbr40 » Version: N/A
Netgear » R7960p Firmware
Versions before (<) 1.4.1.62
cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7960p » Version: N/A
Netgear » Rax75 Firmware
Versions before (<) 1.0.3.102
cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rax75 » Version: N/A
Netgear » Rax80 Firmware
Versions before (<) 1.0.3.102
cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rax80 » Version: N/A
Netgear » R7850 Firmware
Versions before (<) 1.0.5.60
cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7850 » Version: N/A
Netgear » Rax200 Firmware
Versions before (<) 1.0.2.102
cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rax200 » Version: N/A
Netgear » Rs400 Firmware
Versions before (<) 1.5.0.48
cpe:2.3:o:netgear:rs400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rs400 » Version: N/A
Netgear » Xr300 Firmware
Versions before (<) 1.0.3.50
cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Xr300 » Version: N/A
Netgear » Mr60 Firmware
Versions before (<) 1.0.5.102
cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Mr60 » Version: N/A
Netgear » Ms60 Firmware
Versions before (<) 1.0.5.102
cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Ms60 » Version: N/A
Netgear » Rax15 Firmware
Versions before (<) 1.0.1.64
cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rax15 » Version: N/A
Netgear » Rax20 Firmware
Versions before (<) 1.0.1.64
cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rax20 » Version: N/A
Netgear » Rax45 Firmware
Versions before (<) 1.0.2.64
cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rax45 » Version: N/A
Netgear » Rax50 Firmware
Versions before (<) 1.0.2.64
cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rax50 » Version: N/A
Netgear » Eax80 Firmware
Versions before (<) 1.0.1.62
cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Eax80 » Version: N/A
Netgear » Eax20 Firmware
Versions before (<) 1.0.0.36
cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Eax20 » Version: N/A
Netgear » Rbk842 Firmware
Versions before (<) 3.2.16.6
cpe:2.3:o:netgear:rbk842_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbk842 » Version: N/A
Netgear » Rbr840 Firmware
Versions before (<) 3.2.16.6
cpe:2.3:o:netgear:rbr840_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbr840 » Version: N/A
Netgear » Rbs840 Firmware
Versions before (<) 3.2.16.6
cpe:2.3:o:netgear:rbs840_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Rbs840 » Version: N/A
Netgear » R6850 Firmware
Versions before (<) 1.1.0.76
cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6850 » Version: N/A
Netgear » R6350 Firmware
Versions before (<) 1.1.0.76
cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6350 » Version: N/A
Netgear » R6330 Firmware
Versions before (<) 1.1.0.76
cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6330 » Version: N/A
Netgear » R7200 Firmware
Versions before (<) 1.2.0.72
cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7200 » Version: N/A
Netgear » R7350 Firmware
Versions before (<) 1.2.0.72
cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7350 » Version: N/A
Netgear » R7400 Firmware
Versions before (<) 1.2.0.72
cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7400 » Version: N/A
Netgear » R7450 Firmware
Versions before (<) 1.2.0.72
cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7450 » Version: N/A
Netgear » Ac2100 Firmware
Versions before (<) 1.2.0.72
cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Ac2100 » Version: N/A
Netgear » Ac2400 Firmware
Versions before (<) 1.2.0.72
cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Ac2400 » Version: N/A
Netgear » Ac2600 Firmware
Versions before (<) 1.2.0.72
cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Ac2600 » Version: N/A
Netgear » Mk62 Firmware
Versions before (<) 1.0.5.102
cpe:2.3:o:netgear:mk62_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Mk62 » Version: N/A
Netgear » R6700v2 Firmware
Versions before (<) 1.2.0.72
cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6700v2 » Version: N/A
Netgear » R6900v2 Firmware
Versions before (<) 1.2.0.72
cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6900v2 » Version: N/A
Netgear » R6400v2 Firmware
Versions before (<) 1.0.4.98
cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6400v2 » Version: N/A
Netgear » R6700v3 Firmware
Versions before (<) 1.0.4.98
cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6700v3 » Version: N/A
Netgear » Cbk40 Firmware
Versions before (<) 2.5.0.10
cpe:2.3:o:netgear:cbk40_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Cbk40 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-35795

EPSS FAQ

0.56%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-35795

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	MITRE
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-35795

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-35795

https://kb.netgear.com/000062735/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0154

Security Advisory for Pre-Authentication Buffer Overflow on Some Routers, Range Extenders, and Orbi WiFi Systems, PSV-2020-0154 | Answer | NETGEAR Support
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-35795

Products affected by CVE-2020-35795

Exploit prediction scoring system (EPSS) score for CVE-2020-35795

CVSS scores for CVE-2020-35795

CWE ids for CVE-2020-35795

References for CVE-2020-35795