PT-2020-12684 · NetGear · Netgear Pro Tri-Band Business Wifi Router+2
Thorsten Schroeder · Published 2020-05-18 · Updated 2021-07-21
CVE-2020-11550
CVSS v3.1: 7.4 (High)
Vector: AC:L/AV:A/A:N/C:H/I:N/PR:N/S:C/UI:N
Name of the Vulnerable Software and Affected Versions
NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 version 2.5.1.106
NETGEAR Outdoor Satellite (RBS50Y) AC3000 version 2.5.1.106
NETGEAR Pro Tri-Band Business WiFi Router (SRR60) AC3000 version 2.5.1.106
Description
The administrative SOAP interface allows an unauthenticated remote leak of sensitive Wi-Fi information, such as SSIDs and pre-shared keys (PSKs).
Recommendations
For NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 version 2.5.1.106, consider disabling the administrative SOAP interface until a patch is available.
For NETGEAR Outdoor Satellite (RBS50Y) AC3000 version 2.5.1.106, restrict access to the administrative SOAP interface to minimize the risk of exploitation.
For NETGEAR Pro Tri-Band Business WiFi Router (SRR60) AC3000 version 2.5.1.106, avoid using the administrative SOAP interface until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Netgear Orbi Tri-Band Business Wifi Add-On Satellite
Netgear Outdoor Satellite
Netgear Pro Tri-Band Business Wifi Router