Netgear Pre-Authentication Command Injection on NMS300 [CVE-2020-35797]
Netgear has released fixes for a pre-authentication command injection security vulnerability on the following product models:
NMS300, running firmware versions prior to 1.6.0.27
Netgear strongly recommends that you download the latest firmware as soon as possible.
CVE number – CVE-2020-35797
What is Netgear NMS300 ?
The NETGEAR Management System NMS300 delivers insight into network elements, including third-party devices. An intuitive, web-based user interface makes it easier to monitor and administer an entire network. It works with any managed device that uses industry-standard Simple Network Management Protocol (SNMP), such as Layer 2 switches, Layer 3 switches from any brand, wireless access points, traditional routers, servers and printers.
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.