Remote Configuration Vulnerability in NETGEAR Orbi WiFi Devices
CVE-2020-11551

9.6CRITICAL

Key Information:

Vendor
Netgear
Status
Rbs50y Firmware
Vendor
CVE Published:
18 May 2020

Summary

NETGEAR Orbi devices are vulnerable due to an administrative SOAP interface that permits unauthenticated remote writing of WiFi configuration data. This includes sensitive information such as WiFi authentication details, network settings, DNS configurations, and system administration interface options. The vulnerability could potentially allow malicious actors to gain control over device settings, putting users at risk.

References

https://www.modzero.com/advisories/MZ-20-02-Netgear-Orbi-...
x_refsource_MISC
https://www.modzero.com/modlog/archives/2020/05/18/how_ne...
x_refsource_MISC
https://github.com/modzero/MZ-20-02-NETGEAR-Orbi-Security
x_refsource_MISC

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.