Lucene search

MitreCVE-2020-11549

HistoryMay 18, 2020 - 4:15 p.m.

CVE-2020-11549

2020-05-1816:15:11

CWE-798

mitre

web.nvd.nist.gov

cve-2020-11549

netgear

orbi

wifi

router

vulnerability

remote code execution

linux

nvd

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system.

Affected configurations

Nvd

Node

netgearrbs50y_firmwareMatch2.5.1.106

AND

netgearrbs50yMatch-

Node

netgearsrr60_firmwareMatch2.5.1.106

AND

netgearsrr60Match-

Node

netgearsrs60_firmwareMatch2.5.1.106

AND

netgearsrs60Match-

VendorProductVersionCPE
netgearrbs50y_firmware2.5.1.106cpe:2.3:o:netgear:rbs50y_firmware:2.5.1.106:*:*:*:*:*:*:*
netgearrbs50y-cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*
netgearsrr60_firmware2.5.1.106cpe:2.3:o:netgear:srr60_firmware:2.5.1.106:*:*:*:*:*:*:*
netgearsrr60-cpe:2.3:h:netgear:srr60:-:*:*:*:*:*:*:*
netgearsrs60_firmware2.5.1.106cpe:2.3:o:netgear:srs60_firmware:2.5.1.106:*:*:*:*:*:*:*
netgearsrs60-cpe:2.3:h:netgear:srs60:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	rbs50y_firmware	2.5.1.106	cpe:2.3:o:netgear:rbs50y_firmware:2.5.1.106:::::::*
netgear	rbs50y	-	cpe:2.3:h:netgear:rbs50y:-:::::::*
netgear	srr60_firmware	2.5.1.106	cpe:2.3:o:netgear:srr60_firmware:2.5.1.106:::::::*
netgear	srr60	-	cpe:2.3:h:netgear:srr60:-:::::::*
netgear	srs60_firmware	2.5.1.106	cpe:2.3:o:netgear:srs60_firmware:2.5.1.106:::::::*
netgear	srs60	-	cpe:2.3:h:netgear:srs60:-:::::::*

References

github.com/modzero/MZ-20-02-NETGEAR-Orbi-Security

www.modzero.com/advisories/MZ-20-02-Netgear-Orbi-Pro-Security.txt

www.modzero.com/modlog/archives/2020/05/18/how_netgear_meshed_up_wifi_for_business/index.html

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

Related for CVE-2020-11549