VYPR
Unrated severity · NVD Advisory · Published Dec 29, 2020 · Updated Aug 4, 2024

CVE-2020-35794

Description

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR Orbi WiFi systems are affected by a post-authentication command injection vulnerability, allowing an authenticated attacker to execute arbitrary commands on affected devices.

Vulnerability

A post-authentication command injection vulnerability exists in certain NETGEAR WiFi system models. Affected devices include the RBS40V before firmware version 2.6.1.4, and the RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 before firmware version 3.2.15.25 [1]. The vulnerability requires an authenticated user to trigger the command injection via the web interface or other management functions [1].

Exploitation

An attacker must first obtain valid authentication credentials for the target device. Once authenticated, the attacker can use the injection point to run arbitrary operating system commands. The advisory does not provide specific details on the attack vector or the input field used for injection [1].

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary commands on the device with elevated privileges, potentially leading to full compromise of the device's functionality and data [1].

Mitigation

NETGEAR released firmware updates to address this vulnerability: version 2.6.1.4 for the RBS40V, and version 3.2.15.25 for the RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850. Users should update to the latest firmware as soon as possible [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

References

1
