CVE-2020-35797 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2020-35797?

CVE-2020-35797 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows unauthenticated attackers to execute arbitrary commands on NETGEAR NMS300 network management systems. Attackers can gain full control of affected devices without any credentials. All NETGEAR NMS300 devices running versions before 1.6.0.27 are vulnerable.

📋 TL;DR

This vulnerability allows unauthenticated attackers to execute arbitrary commands on NETGEAR NMS300 network management systems. Attackers can gain full control of affected devices without any credentials. All NETGEAR NMS300 devices running versions before 1.6.0.27 are vulnerable.

💻 Affected Systems

Products:

NETGEAR NMS300

Versions: All versions before 1.6.0.27

Operating Systems: ProSafe Network Management System firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Nms300 Firmware by Netgear

View all CVEs affecting Nms300 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to install malware, pivot to other network devices, steal sensitive data, or use the device as part of a botnet.

🟠

Likely Case

Remote code execution leading to device takeover, configuration changes, or deployment of cryptocurrency miners.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires no authentication and minimal technical skill. Public exploit code exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.0.27

Vendor Advisory: https://kb.netgear.com/000062688/Security-Advisory-for-Pre-Authentication-Command-Injection-on-NMS300-PSV-2020-0560

Restart Required: Yes

Instructions:

1. Download firmware version 1.6.0.27 from NETGEAR support site. 2. Log into NMS300 web interface. 3. Navigate to Administration > Firmware Upgrade. 4. Upload the firmware file. 5. Wait for upgrade to complete and system to reboot.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to NMS300 management interface using firewall rules

Network Segmentation

all

Isolate NMS300 devices on separate VLAN with strict access controls

🧯 If You Can't Patch

Immediately remove internet-facing access to NMS300 management interface
Implement strict network segmentation and monitor for suspicious outbound connections

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface under Administration > System Information

Check Version:

Check via web interface or SSH if enabled: show version

Verify Fix Applied:

Verify firmware version shows 1.6.0.27 or higher after upgrade

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple failed authentication attempts followed by successful command execution
Suspicious process creation

Network Indicators:

Unexpected outbound connections from NMS300 device
Traffic to known malicious IPs
Unusual port scanning from NMS300

SIEM Query:

source="nms300" AND (event="command_execution" OR event="shell_access")

📊 Metadata

CVE ID: CVE-2020-35797

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

Published: December 30, 2020

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-35797, you might also want to check these: