Remote Information Disclosure in NETGEAR Orbi WiFi Products
CVE-2020-11550
7.4HIGH
Summary
A security issue in NETGEAR's Orbi series allows attackers to exploit the administrative SOAP interface for unauthorized access. This vulnerability permits remote users to leak sensitive Wi-Fi configuration details, including SSIDs and Pre-Shared Keys (PSK), without needing authentication. Affected products include the Orbi Tri-Band Business WiFi Add-on Satellite, Outdoor Satellite, and Pro Tri-Band Router, all of which have specific software versions vulnerable to exploitation.
References
CVSS V3.1
Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved