Unrated severityNVD Advisory· Published Jun 18, 2020· Updated Aug 4, 2024

CVE-2020-14427

Description

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR Orbi WiFi systems disclose admin credentials; fixed in firmware 3.2.15.25.

Vulnerability

The vulnerability allows disclosure of administrative credentials on certain NETGEAR Orbi WiFi systems. Affected models include RBK752, RBK753, RBK753S, RBR750, RBS750, RBK842, RBR840, RBS840, RBK852, RBK853, RBR850, and RBS850 running firmware versions prior to 3.2.15.25 [1]. The exact mechanism is not detailed in the advisory, but it is an admin credential disclosure issue.

Exploitation

An attacker can exploit this vulnerability to obtain administrative credentials. The advisory does not specify the attack vector, but it likely requires network access to the affected device. No authentication is needed if the credentials are exposed without authentication. The exact steps are not disclosed.

Impact

Successful exploitation allows an attacker to gain administrative credentials, leading to full control over the affected WiFi system. This could result in unauthorized access to the network, data interception, and further compromise of connected devices.

Mitigation

NETGEAR has released firmware version 3.2.15.25 to fix this vulnerability. Users should update their devices to the latest firmware as soon as possible [1]. No workarounds are provided. The advisory strongly recommends updating.

References

Security Advisory for Admin Credential Disclosure on Some WiFi Systems, PSV-2020-0042

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/NETGEAR devicesdescription
Netgear/RBK752llm-fuzzy
Range: <3.2.15.25
Netgear/RBR750llm-fuzzy
Range: <3.2.15.25
Netgear/RBS750llm-fuzzy
Range: <3.2.15.25

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000061935/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0042mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000