Skip to main content

Rbs50Y Firmware CVE-2020-11551

HIGH
Improper Authentication (CWE-287)
2020-05-18 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 18, 2020 - 16:15 nvd
HIGH 8.8

DescriptionNVD

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc.

AnalysisAI

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc. Affected products include: Netgear Rbs50Y Firmware, Netgear Srr60 Firmware, Netgear Srs60 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2020-11549 HIGH POC
8.8 May 18

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satel

CVE-2020-11550 MEDIUM POC
6.5 May 18

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satel

CVE-2021-45658 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by server-side injection. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2021-45645 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.8)

CVE-2021-45619 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45618 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-38530 CRITICAL
9.8 Aug 11

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-38527 CRITICAL
9.8 Aug 11

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2020-35800 CRITICAL
9.4 Dec 30

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4)

CVE-2021-45626 HIGH
8.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8)

CVE-2021-45595 HIGH
8.8 Dec 26

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.8), this

CVE-2021-27253 HIGH
8.8 Apr 14

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nigh

Share

CVE-2020-11551 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy