PT-2020-12685 · NetGear · Netgear Pro Tri-Band Business Wifi Router+2
Published: 2020-05-18 · Updated: 2021-07-21 · CVE-2020-11551
CVSS v3.1: 9.6 (Critical)
Vector: AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N
Name of the Vulnerable Software and Affected Versions
NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) version 2.5.1.106
NETGEAR Outdoor Satellite (RBS50Y) version 2.5.1.106
NETGEAR Pro Tri-Band Business WiFi Router (SRR60) version 2.5.1.106
Description
An issue allows an unauthenticated remote write of arbitrary Wi-Fi configuration data, including authentication details such as the Web-admin password, network settings, DNS settings, and system administration interface configuration, through the administrative SOAP interface.
Recommendations
For NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) version 2.5.1.106, restrict access to the administrative SOAP interface until a patch is available.
For NETGEAR Outdoor Satellite (RBS50Y) version 2.5.1.106, consider disabling remote configuration capabilities to minimize the risk of exploitation.
For NETGEAR Pro Tri-Band Business WiFi Router (SRR60) version 2.5.1.106, avoid using the Web-admin password in the affected configuration until the issue is resolved.
Exploit
Fix
Improper Authentication
Use of Insufficiently Random Values
Affected Products
Netgear Orbi Tri-Band Business Wifi Add-On Satellite
Netgear Outdoor Satellite
Netgear Pro Tri-Band Business Wifi Router