Vulnerability Description
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Rbs50Y Firmware | 2.5.1.106 |
| Netgear | Rbs50Y | - |
| Netgear | Srr60 Firmware | 2.5.1.106 |
| Netgear | Srr60 | - |
| Netgear | Srs60 Firmware | 2.5.1.106 |
| Netgear | Srs60 | - |
References
- https://github.com/modzero/MZ-20-02-NETGEAR-Orbi-Security (Exploit, Third Party Advisory)
- https://www.modzero.com/advisories/MZ-20-02-Netgear-Orbi-Pro-Security.txt (Exploit, Third Party Advisory)
- https://www.modzero.com/modlog/archives/2020/05/18/how_netgear_meshed_up_wifi_fo (Exploit, Patch, Third Party Advisory)
FAQ
What is CVE-2020-11550?
CVE-2020-11550 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V...
How severe is CVE-2020-11550?
CVE-2020-11550 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-11550?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Rbs50Y Firmware, Netgear Rbs50Y, Netgear Srr60 Firmware, Netgear Srr60, Netgear Srs60 Firmware.