VYPR
Unrated severity · NVD Advisory · Published May 18, 2020 · Updated Aug 4, 2024

CVE-2020-11549

Description

NETGEAR Orbi Pro devices have a hardcoded root password identical to the web-admin password, enabling remote code execution via CVE-2020-11551.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The root account on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106 uses the same password as the web-admin component [1]. Because of this design flaw, any attacker who obtains the web-admin password (for example, by exploiting CVE-2020-11551) automatically gains root access to the underlying Linux system.

Exploitation

An attacker must first gain network access to the device and exploit CVE-2020-11551 to retrieve the web-admin password [1]. With that password, the attacker can authenticate as root via SSH or other remote access mechanisms. Proof-of-concept exploits are publicly available [2].

Impact

Successful exploitation grants the attacker full root privileges on the embedded Linux system, leading to complete compromise of the device. This includes arbitrary code execution, data exfiltration, and the ability to maintain persistent control over the device.

Mitigation

At the time of disclosure (May 2020), no firmware update was available to address this issue [1]. Users should apply the latest firmware from NETGEAR, restrict network access to the management interface, and monitor vendor advisories for a permanent fix.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • NETGEAR / Orbi Tri-Band Business WiFi Add-on Satellite
  • Netgear / RBS50Y
    Version: V2.5.1.106
  • Netgear / SRR60
    Version: V2.5.1.106
  • Netgear / SRS60
    Version: V2.5.1.106

Patches

No patches discovered yet.

Vulnerability mechanics

Root cause

"The root account password is identical to the Web-admin password, allowing privilege escalation after compromising the admin interface."

Attack vector

An attacker first exploits CVE-2020-11551 (a separate pre-authentication command injection) to gain a foothold on the device. Because the root account password is identical to the Web-admin password, the attacker can then use the Web-admin credentials (obtained or guessed via the same injection) to log in as root over SSH or a similar service. This chained attack achieves remote code execution with full root privileges on the embedded Linux system [1].

Affected code

The advisory does not specify a particular function or file path; it identifies the affected products as NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60), Outdoor Satellite (RBS50Y), and Pro Tri-Band Business WiFi Router (SRR60), all running firmware version V2.5.1.106 [1]. The vulnerability is that the root account shares the same password as the Web-admin component.

What the fix does

The advisory does not include a patch or remediation guidance from NETGEAR. No fix is published in the referenced material [1]. To close the vulnerability, the vendor would need to ensure the root account uses a unique, non-default password that is independent of the Web-admin password, preventing privilege escalation from a compromised admin interface.

Preconditions

  • Auth: The attacker must first exploit CVE-2020-11551 (a separate pre-authentication command injection) to gain initial access or obtain the Web-admin password.
  • Config: The target device must be running the affected firmware version (V2.5.1.106) on an SRS60, RBS50Y, or SRR60 model.
  • Network: The attacker must have network access to the device's management interface.

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References
