Skip to main content

Rbs50Y Firmware CVE-2020-11550

MEDIUM
2020-05-18 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 18, 2020 - 16:15 nvd
MEDIUM 6.5

DescriptionNVD

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK).

AnalysisAI

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK). Affected products include: Netgear Rbs50Y Firmware, Netgear Srr60 Firmware, Netgear Srs60 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-11551 HIGH POC
8.8 May 18

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satel

CVE-2020-11549 HIGH POC
8.8 May 18

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satel

CVE-2021-45658 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by server-side injection. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2021-45645 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.8)

CVE-2021-45619 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45618 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-38530 CRITICAL
9.8 Aug 11

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-38527 CRITICAL
9.8 Aug 11

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2020-35800 CRITICAL
9.4 Dec 30

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4)

CVE-2021-45626 HIGH
8.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8)

CVE-2021-45595 HIGH
8.8 Dec 26

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.8), this

CVE-2021-27253 HIGH
8.8 Apr 14

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nigh

Share

CVE-2020-11550 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy