Lucene search

MitreCVE-2020-11550

HistoryMay 18, 2020 - 4:15 p.m.

CVE-2020-11550

2020-05-1816:15:11

mitre

web.nvd.nist.gov

cve

2020

11550

netgear

orbi

tri-band

business

wifi

add-on

satellite

srs60

ac3000

v2.5.1.106

outdoor

rbs50y

pro

router

soap

interface

unauthenticated

sensitive

ssids

pre-shared-keys

nvd

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

55.2%

JSON

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK).

Affected configurations

Nvd

Node

netgearrbs50y_firmwareMatch2.5.1.106

AND

netgearrbs50yMatch-

Node

netgearsrr60_firmwareMatch2.5.1.106

AND

netgearsrr60Match-

Node

netgearsrs60_firmwareMatch2.5.1.106

AND

netgearsrs60Match-

VendorProductVersionCPE
netgearrbs50y_firmware2.5.1.106cpe:2.3:o:netgear:rbs50y_firmware:2.5.1.106:*:*:*:*:*:*:*
netgearrbs50y-cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*
netgearsrr60_firmware2.5.1.106cpe:2.3:o:netgear:srr60_firmware:2.5.1.106:*:*:*:*:*:*:*
netgearsrr60-cpe:2.3:h:netgear:srr60:-:*:*:*:*:*:*:*
netgearsrs60_firmware2.5.1.106cpe:2.3:o:netgear:srs60_firmware:2.5.1.106:*:*:*:*:*:*:*
netgearsrs60-cpe:2.3:h:netgear:srs60:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	rbs50y_firmware	2.5.1.106	cpe:2.3:o:netgear:rbs50y_firmware:2.5.1.106:::::::*
netgear	rbs50y	-	cpe:2.3:h:netgear:rbs50y:-:::::::*
netgear	srr60_firmware	2.5.1.106	cpe:2.3:o:netgear:srr60_firmware:2.5.1.106:::::::*
netgear	srr60	-	cpe:2.3:h:netgear:srr60:-:::::::*
netgear	srs60_firmware	2.5.1.106	cpe:2.3:o:netgear:srs60_firmware:2.5.1.106:::::::*
netgear	srs60	-	cpe:2.3:h:netgear:srs60:-:::::::*

References

github.com/modzero/MZ-20-02-NETGEAR-Orbi-Security

www.modzero.com/advisories/MZ-20-02-Netgear-Orbi-Pro-Security.txt

www.modzero.com/modlog/archives/2020/05/18/how_netgear_meshed_up_wifi_for_business/index.html

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

55.2%

JSON

Related for CVE-2020-11550