Dgn2200 Firmware
CVE-2020-35785
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).
AnalysisAI
NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365). Affected products include: Netgear Dgn2200 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Dgn2200 Firmware
View allNetgear DGN2200 router firmware v1.0.0.46 and earlier contains an authentication bypass. By appending ?x=1.gif to any UR
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 all
Certain NETGEAR devices are affected by lack of access control at the function level. Rated critical severity (CVSS 9.8)
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, s
Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), th
Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exp
Certain NETGEAR devices are affected by authentication bypass. Rated low severity (CVSS 2.7), this vulnerability is remo
Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today