VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 18, 2020· Updated Aug 4, 2024

CVE-2020-14426

CVE-2020-14426

Description

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR WiFi systems RBK752, RBK753, RBK852, and others before specific firmware versions disclose administrative credentials.

Vulnerability

An administrative credential disclosure vulnerability exists in certain NETGEAR WiFi system models. The flaw allows an attacker to obtain the administrative credentials of the device. Affected models include RBK752, RBK753, RBK753S, RBR750, RBS750 before firmware version 3.2.15.25; and RBK852, RBK853, RBR850, RBS850, RBK842, RBR840, RBS840 before firmware version 3.2.10.11 [1].

Exploitation

An attacker with network access to the affected device may be able to exploit this vulnerability to retrieve the administrative credentials. No authentication or user interaction is required, and the attack can be performed remotely [1].

Impact

Successful exploitation allows an attacker to obtain the administrative credentials of the NETGEAR WiFi system. With these credentials, the attacker gains full administrative control over the device, potentially enabling further compromise of the network [1].

Mitigation

NETGEAR has released firmware updates to address this vulnerability. Users should upgrade to firmware version 3.2.15.25 for models RBK752, RBK753, RBK753S, RBR750, RBS750; and to version 3.2.10.11 for models RBK852, RBK853, RBR850, RBS850, RBK842, RBR840, RBS840. No workarounds are available; updating to the latest firmware is the only mitigation [1].

References
  1. Security Advisory for Admin Credential Disclosure on Some Wifi Systems, PSV-2020-0033

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.