Information Disclosure Vulnerability in NETGEAR R7450 Routers
CVE-2020-27873
6.5 MEDIUM
Summary
This vulnerability in the NETGEAR R7450 router's SOAP API allows attackers on the same network to disclose sensitive information without authentication. The flaw arises from inadequate access control mechanisms in the SOAP API, which operates on the default TCP port 80. By exploiting this weakness, unauthorized users can retrieve stored credentials, potentially leading to further compromises within the network.
Affected Version(s)
R7450 1.2.0.62_1.0.1
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
1sd3d of Viettel Cyber Security