CVE-2020-11792
Description
NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
TLS certificate private key disclosure in several NETGEAR routers allows attackers to decrypt HTTPS traffic and impersonate devices.
Vulnerability
The NETGEAR R8900, R9000, RAX120, and XR700 devices are affected by a Transport Layer Security (TLS) certificate private key disclosure vulnerability, identified as PSV-2020-0105. Affected devices include firmware versions prior to the hotfixes released around 2020-01-20. The private key of the CA-signed certificate used for HTTPS access to the router web interface is exposed, which undermines the security of encrypted communications [1].
Exploitation
An attacker with network access to the affected router can obtain the private key. The advisory does not specify the exact attack vector or required privileges, but the key disclosure likely stems from a flaw in how the device stores or serves the private key over the network. No user interaction beyond normal device operation is required [1].
Impact
Successful exploitation allows the attacker to decrypt HTTPS traffic to the router's web interface and impersonate the legitimate device. This could lead to interception of sensitive credentials, configuration data, and other information exchanged via HTTPS, as well as man-in-the-middle attacks [1].
Mitigation
NETGEAR has released firmware hotfixes for the R8900, R9000, and XR700 models. As of the advisory date, no hotfix was listed for the RAX120 model. These hotfixes are beta firmware that replaces the affected CA-signed certificates with self-signed certificates. Users are strongly recommended to download and install the latest firmware hotfix for their model from NETGEAR Support [1]. After installation, browsers may display a security warning because the certificate is now self-signed; this is normal and expected [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- NETGEAR/R8900, R9000, RAX120, and XR700
Patches
No patches discovered yet.