PT-2020-5396 · NetGear · Netgear Orbi Tri-Band Business Wifi Add-On Satellite

Thorsten Schroeder

Published: 2020-05-18 · Updated: 2020-05-20

CVE-2020-11549

CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) version 2.5.1.106
NETGEAR Outdoor Satellite (RBS50Y) version 2.5.1.106
NETGEAR Pro Tri-Band Business WiFi Router (SRR60) AC3000 version 2.5.1.106

Description

The issue stems from the use of default credentials in the NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite, Pro Tri-Band Business WiFi Router, and Outdoor Satellite devices. The root account of the embedded Linux system ships with a default password that is the same as the password of the Web-admin component. An attacker who knows this default password can therefore log in as root and achieve remote code execution with root privileges on the device.

Recommendations

For all three affected devices, NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) version 2.5.1.106, NETGEAR Outdoor Satellite (RBS50Y) version 2.5.1.106, and NETGEAR Pro Tri-Band Business WiFi Router (SRR60) AC3000 version 2.5.1.106, change the default password of the root account and of the Web-admin component to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2021-00483
CVE-2020-11549

Affected Products

Linux
Netgear Orbi Tri-Band Business Wifi Add-On Satellite
Netgear Outdoor Satellite
Netgear Pro Tri-Band Business Wifi Router