Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26920
Reference (s):
- https://kb.netgear.com/000062333/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0327