CVE-2019-20488

moderate-risk
Published 2020-03-02

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter.

Do I need to act?

~
5.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Netgear

References (2)

Exploit https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/the-...
Exploit https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/the-...
45
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 5/34 · Minimal