CVE Vulnerability

CVE-2020-11550

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK).

3.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.5 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.modzero.com/modlog/archives/2020/05/18/how_netgear_meshed_up_wifi_for_business/index.html Exploit Patch
https://www.modzero.com/advisories/MZ-20-02-Netgear-Orbi-Pro-Security.txt Exploit Third Party Advisory
https://github.com/modzero/MZ-20-02-NETGEAR-Orbi-Security Exploit Third Party Advisory
Configurations

Configuration 1
Information

Published : 2020-05-18 04:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-11550

Mitre link : CVE-2020-11550

Products Affected

Netgear

Srs60 Firmware

CWE
NVD-CWE-noinfo