Remote Code Execution on NETGEAR Orbi Tri-Band Business WiFi Products
CVE-2020-11549

8.3HIGH

Key Information:

Vendor
Netgear
Status
Rbs50y Firmware
Vendor
CVE Published:
18 May 2020

Summary

A security issue has been identified in NETGEAR's Orbi Tri-Band Business WiFi products, which could potentially allow attackers to gain unauthorized remote access. The root account shares the same password as the Web-admin component, making it vulnerable to exploitation. If combined with another related vulnerability, it could lead to complete control over the device’s embedded Linux operating system. Users are urged to review the security advisories and implement necessary updates to protect their network infrastructure.

References

https://www.modzero.com/advisories/MZ-20-02-Netgear-Orbi-...
x_refsource_MISC
https://www.modzero.com/modlog/archives/2020/05/18/how_ne...
x_refsource_MISC
https://github.com/modzero/MZ-20-02-NETGEAR-Orbi-Security
x_refsource_MISC

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.