PT-2020-12850 · NetGear · Netgear Rax120+3
Published
2020-04-15
·
Updated
2020-04-21
·
CVE-2020-11792
CVSS v3.1
7.5
High
| Vector | AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N |
Name of the Vulnerable Software and Affected Versions
NETGEAR R8900 versions prior to 2020-01-20
NETGEAR R9000 versions prior to 2020-01-20
NETGEAR RAX120 versions prior to 2020-01-20
NETGEAR XR700 versions prior to 2020-01-20
Description
The issue concerns the disclosure of Transport Layer Security (TLS) certificate private keys. This affects NETGEAR devices, including R8900, R9000, RAX120, and XR700 models, with versions prior to 2020-01-20.
Recommendations
For NETGEAR R8900 versions prior to 2020-01-20, update the device to a version released after 2020-01-20.
For NETGEAR R9000 versions prior to 2020-01-20, update the device to a version released after 2020-01-20.
For NETGEAR RAX120 versions prior to 2020-01-20, update the device to a version released after 2020-01-20.
For NETGEAR XR700 versions prior to 2020-01-20, update the device to a version released after 2020-01-20.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear R8900
Netgear R9000
Netgear Rax120
Netgear Xr700