TLS Certificate Private Key Disclosure in NETGEAR Routers
CVE-2020-11792

7.5HIGH

Key Information:

Vendor: Netgear
Status: R8900 Firmware
Vendor: CVE Published:; 15 April 2020

Summary

NETGEAR Routers, including models R8900, R9000, RAX120, and XR700, are susceptible to a vulnerability that allows for the unauthorized disclosure of the private key used in Transport Layer Security (TLS) certificates. This issue could potentially allow attackers to spoof communications or impersonate services protected by the compromised certificates, leading to significant security risks for users. It's crucial for NETGEAR device owners to check for firmware updates addressing this vulnerability to ensure their network security.

References

https://kb.netgear.com/000061582/Security-Advisory-for-Si...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Apr 15, 2020