Netgear Pre-Authentication Command Injection on NMS300 [CVE-2020-35797]

Netgear has released fixes for a pre-authentication command injection security vulnerability on the following product models:

NMS300, running firmware versions prior to 1.6.0.27

Netgear strongly recommends that you download the latest firmware as soon as possible.

CVE number – CVE-2020-35797

What is Netgear NMS300 ?

The NETGEAR Management System NMS300 delivers insight into network elements, including third-party devices. An intuitive, web-based user interface makes it easier to monitor and administer an entire network. It works with any managed device that uses industry-standard Simple Network Management Protocol (SNMP), such as Layer 2 switches, Layer 3 switches from any brand, wireless access points, traditional routers, servers and printers.

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: