CVE-2020-27873

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-072/	Third Party Advisory VDB Entry
https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-072/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:21

Type	Values Removed	Values Added
References	~~() https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers - Vendor Advisory~~	() https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers - Vendor Advisory
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-21-072/ - Third Party Advisory, VDB Entry~~	() https://www.zerodayinitiative.com/advisories/ZDI-21-072/ - Third Party Advisory, VDB Entry

Information

Published : 2021-02-04 17:15

Updated : 2024-11-21 05:21

NVD link : CVE-2020-27873

Mitre link : CVE-2020-27873

CVE.ORG link : CVE-2020-27873

JSON object : View

Products Affected

netgear

r6230_firmware
r7400_firmware
r6700_firmware
r6220
ac2600_firmware
r6020
r7200_firmware
r6230
ac2400
r7350
r6080_firmware
r6080
r6350
ac2600
r7450_firmware
ac2400_firmware
r6900
r6260_firmware
r6350_firmware
r6260
r6120
r7400
r6020_firmware
r6700
r6800
r6330
r6900_firmware
r7450
r6800_firmware
ac2100
r6850
r6220_firmware
ac2100_firmware
r6330_firmware
r7200
r6850_firmware
r6120_firmware
r7350_firmware

CWE

CWE-284

Improper Access Control

CWE-863

Incorrect Authorization

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-27873

6.5^/10

3.3^/10

Attach tags to `CVE-2020-27873`