CVE-2019-20641
Description
NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR RAX40 routers before firmware 1.0.3.64 lack function-level access controls, allowing an adjacent unauthenticated attacker to fully compromise the device.
Vulnerability
NETGEAR RAX40 routers running firmware versions prior to 1.0.3.64 are affected by a missing function-level access control vulnerability [1]. The bug exists in the firmware's handling of administrative functions; the device fails to properly enforce access controls on certain server-side functions, making them reachable without the required authentication or authorization checks.
Exploitation
An attacker must be on the same local network as the vulnerable RAX40 (adjacent network position) and send crafted requests to the affected functions. No authentication or user interaction is required. The attack complexity is low and no privileges are needed prior to exploitation [1]. The exact sequence of steps is not publicly detailed, but the CVSS vector indicates successful exploitation does not depend on any special conditions beyond network adjacency.
Impact
Successful exploitation leads to complete compromise of the device's confidentiality, integrity, and availability. The attacker can achieve high impact on all three CIA pillars: they can read sensitive data (e.g., configuration or credentials), modify system settings or firmware, and disrupt normal router operations [1]. The CVSS v3 score of 8.8 (High) reflects this full compromise potential.
Mitigation
NETGEAR released firmware version 1.0.3.64 to address this vulnerability [1]. Users must update the RAX40 firmware to 1.0.3.64 or later. The fix is available from NETGEAR Support. No workarounds are documented; the only mitigation is applying the patch. The CVE is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of publication.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- NETGEAR/RAX40
Patches
No patches discovered yet.