Lucene search

[email protected]CVE-2020-14429

HistoryJun 18, 2020 - 5:15 p.m.

CVE-2020-14429

2020-06-1817:15:12

[email protected]

web.nvd.nist.gov

cve-2020-14429

netgear

admin credentials

security vulnerability

nvd

5.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

Affected configurations

NVD

Node

netgearmk62Match-

AND

netgearmk62_firmwareRange<1.0.4.92

Node

netgearmk63Match-

AND

netgearmk63_firmwareRange<1.0.4.92

Node

netgearmr60Match-

AND

netgearmr60_firmwareRange<1.0.4.92

Node

netgearms60Match-

AND

netgearms60_firmwareRange<1.0.4.92

Node

netgearrbk752Match-

AND

netgearrbk752_firmwareRange<3.2.15.25

Node

netgearrbk753Match-

AND

netgearrbk753_firmwareRange<3.2.15.25

Node

netgearrbk753s_firmwareRange<3.2.15.25

AND

netgearrbk753sMatch-

Node

netgearrbs750_firmwareRange<3.2.15.25

AND

netgearrbs750Match-

Node

netgearrbr750_firmwareRange<3.2.15.25

AND

netgearrbr750Match-

Node

netgearrbk842_firmwareRange<3.2.15.25

AND

netgearrbk842Match-

Node

netgearrbr840_firmwareRange<3.2.15.25

AND

netgearrbr840Match-

Node

netgearrbs840_firmwareRange<3.2.15.25

AND

netgearrbs840Match-

Node

netgearrbk852_firmwareRange<3.2.15.25

AND

netgearrbk852Match-

Node

netgearrbk853_firmwareRange<3.2.15.25

AND

netgearrbk853Match-

Node

netgearrbr850_firmwareRange<3.2.15.25

AND

netgearrbr850Match-

Node

netgearrbs850_firmwareRange<3.2.15.25

AND

netgearrbs850Match-

CPENameOperatorVersion
netgear:mk62_firmwarenetgear mk62 firmwarelt1.0.4.92

CPE	Name	Operator	Version
netgear:mk62_firmware	netgear mk62 firmware	lt	1.0.4.92

References

kb.netgear.com/000061938/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0050

5.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

Related for CVE-2020-14429

prion1 nvd1 cvelist1