CVE-2020-35789
Description
Authenticated users can execute arbitrary commands on NETGEAR NMS300 devices before 1.6.0.27 via command injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated users can execute arbitrary commands on NETGEAR NMS300 devices before 1.6.0.27 via command injection.
Vulnerability
NETGEAR NMS300 devices running firmware versions prior to 1.6.0.27 are affected by a post-authentication command injection vulnerability [1]. The vulnerability allows an authenticated user to inject arbitrary commands.
Exploitation
An attacker must have valid credentials to the NMS300 web interface. Once authenticated, the attacker can send crafted requests to inject commands [1]. No additional privileges are required beyond authentication.
Impact
Successful exploitation allows the attacker to execute arbitrary commands on the underlying operating system, potentially leading to full system compromise, including data disclosure, modification, or denial of service [1].
Mitigation
NETGEAR released firmware version 1.6.0.27 to address the vulnerability [1]. Users should update to the latest firmware as soon as possible. No workarounds are mentioned.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- NETGEAR/NMS300description
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.