CVE-2020-26911

Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.

References

https://kb.netgear.com/000062342/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Routers-PSV-2019-0016

Vendor Advisory

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	ADJACENT_NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	HIGH
PrivilegesRequired	NONE
BaseScore	8.8
VectorString	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	PARTIAL
AvailabilityImpact	PARTIAL
IntegrityImpact	PARTIAL
BaseScore	5.800000190734863
VectorString	AV:A/AC:L/Au:N/C:P/I:P/A:P
Version	2.0
AccessVector	ADJACENT_NETWORK
Authentication	NONE

Created by Yello

About Severity.io