Remote Information Disclosure in NETGEAR Orbi WiFi Products

CVE-2020-11550

What is CVE-2020-11550?

A security issue in NETGEAR's Orbi series allows attackers to exploit the administrative SOAP interface for unauthorized access. This vulnerability permits remote users to leak sensitive Wi-Fi configuration details, including SSIDs and Pre-Shared Keys (PSK), without needing authentication. Affected products include the Orbi Tri-Band Business WiFi Add-on Satellite, Outdoor Satellite, and Pro Tri-Band Router, all of which have specific software versions vulnerable to exploitation.

References