VYPR
Unrated severity · NVD Advisory · Published Jun 18, 2020 · Updated Aug 4, 2024

CVE-2020-14429

Description

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR Orbi and Nighthawk WiFi system firmware prior to 1.0.4.92/3.2.15.25 discloses administrative credentials to local attackers.

Vulnerability

An administrative credential disclosure vulnerability exists in multiple NETGEAR WiFi system models. Affected devices include MK62, MK63, MR60, and MS60 running firmware prior to 1.0.4.92, as well as various Orbi models (RBK752, RBK753, RBK753S, RBS750, RBR750, RBK842, RBR840, RBS840, RBK852, RBK853, RBR850, RBS850) running firmware prior to 3.2.15.25 [1]. The issue allows an attacker to obtain administrative credentials for the device.

Exploitation

According to the vendor advisory, the vulnerability can be exploited by an attacker who has already gained local access to the affected device [1]. The exact attack vector is not detailed in the available reference, but the prerequisite is local access to the device's network or physical interface. An attacker with such access can then retrieve the administrative credentials.

Impact

Successful exploitation results in the disclosure of administrative credentials for the affected NETGEAR device [1]. This grants the attacker the ability to fully control the device's configuration and settings, potentially leading to complete compromise of the WiFi system and the network it serves.

Mitigation

NETGEAR has released fixed firmware versions to address this vulnerability. Users should update to firmware version 1.0.4.92 for MK62, MK63, MR60, and MS60 models, and version 3.2.15.25 for the Orbi models listed in the advisory [1]. The firmware can be obtained through NETGEAR Support. No workaround is provided; updating firmware is the only mitigation.
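To apply the mitigation across more than one device, the affected-model list and fixed versions above can be turned into an inventory check. The following is an added example, not part of the advisory or any NETGEAR tooling; the inventory tuple layout, host names and the optional leading "V" on version strings are assumptions.

```python
import re

# Fixed firmware per model, taken from the advisory text above.
_V1 = (1, 0, 4, 92)
_V3 = (3, 2, 15, 25)
FIXED = {m: _V1 for m in ("MK62", "MK63", "MR60", "MS60")}
FIXED.update({m: _V3 for m in (
    "RBK752", "RBK753", "RBK753S", "RBS750", "RBR750", "RBK842", "RBR840",
    "RBS840", "RBK852", "RBK853", "RBR850", "RBS850")})


def parse_version(text):
    """Return the first four dotted numeric fields as a tuple, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def assess(model, firmware):
    """Classify a device: not-listed, unknown-version, vulnerable or fixed."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "unknown-version"  # cannot be cleared; needs manual review
    # Tuples compare numerically per field, so 1.0.4.100 sorts after 1.0.4.92
    # (a plain string comparison would get this wrong).
    return "vulnerable" if version < fixed else "fixed"


def audit(inventory):
    """Map (host, model, firmware) rows to rows with a status appended."""
    return [(h, m, fw, assess(m, fw)) for h, m, fw in inventory]


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("ap-lobby", "RBR850", "V3.2.10.11"),
    ("ap-floor2", "rbs850", "3.2.15.25"),
    ("mesh-home", "MK62", "1.0.4.100"),
    ("mesh-lab", "MR60", "1.0.4.9"),
    ("edge-old", "R7000", "1.0.9.88"),
    ("ap-store", "RBK752", ""),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-10s %-8s %-12s %s" % row)
```

Devices reported as `unknown-version` should be treated as unpatched until their firmware version is confirmed.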

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

References

1
