CVE-2020-13245 — MEDIUM (5.9)

Q: How severe is CVE-2020-13245?

CVE-2020-13245 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-13245?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear R6120 Firmware, Netgear R6120, Netgear R6220 Firmware, Netgear R6220, Netgear R6350 Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Netgear	R6120 Firmware	>= v1.0.9.6_1.2.19, <= v1.0.11.100_10.2.100
Netgear	R6120	-
Netgear	R6220 Firmware	>= v1.0.9.6_1.2.19, <= v1.0.11.100_10.2.100
Netgear	R6220	-
Netgear	R6350 Firmware	>= v1.0.9.6_1.2.19, <= v1.0.11.100_10.2.100
Netgear	R6350	-
Netgear	R6400 Firmware	>= v1.0.9.6_1.2.19, <= v1.0.11.100_10.2.100
Netgear	R6400	-
Netgear	R6800 Firmware	>= v1.0.9.6_1.2.19, <= v1.0.11.100_10.2.100
Netgear	R6800	-
Netgear	R6850 Firmware	>= v1.0.9.6_1.2.19, <= v1.0.11.100_10.2.100
Netgear	R6850	-
Netgear	R7000P Firmware	>= v1.0.9.6_1.2.19, <= v1.0.11.100_10.2.100
Netgear	R7000P	-
Netgear	R7800 Firmware	>= v1.0.9.6_1.2.19, <= v1.0.11.100_10.2.100
Netgear	R7800	-
Netgear	R8000 Firmware	>= v1.0.9.6_1.2.19, <= v1.0.11.100_10.2.100
Netgear	R8000	-
Netgear	R9000 Firmware	>= v1.0.9.6_1.2.19, <= v1.0.11.100_10.2.100
Netgear	R9000	-

Related Weaknesses (CWE)

CWE-295

References

https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/ExploitThird Party Advisory
https://www.netgear.com/about/security/Vendor Advisory
https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/ExploitThird Party Advisory
https://www.netgear.com/about/security/Vendor Advisory

FAQ

What is CVE-2020-13245?

CVE-2020-13245 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, ...

How severe is CVE-2020-13245?

CVE-2020-13245 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-13245?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear R6120 Firmware, Netgear R6120, Netgear R6220 Firmware, Netgear R6220, Netgear R6350 Firmware.