VYPR
Unrated severity · NVD Advisory · Published Jun 18, 2020 · Updated Aug 4, 2024

CVE-2020-14431

Description

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR Orbi WiFi systems before firmware 3.2.15.25 expose administrative credentials, allowing local network attackers to gain full device control.

Vulnerability

A vulnerability in NETGEAR Orbi WiFi system models RBK752, RBK753, RBK753S, RBR750, RBS750, RBK842, RBR840, RBS840, RBK852, RBK853, RBR850, and RBS850 running firmware versions prior to 3.2.15.25 allows disclosure of administrative credentials [1]. The exact root cause is not publicly detailed, but the flaw resides in the device's firmware and can be triggered without authentication.

Exploitation

The advisory does not specify the precise attack vector, but the vulnerability is exploitable by an attacker with network access to the affected device, likely from the local network. No prior authentication is required. The attacker can extract the administrative credentials by interacting with a vulnerable service or interface.

Impact

Successful exploitation leads to disclosure of the device's administrative credentials. An attacker can then gain full administrative control over the WiFi system, enabling unauthorized configuration changes, network traffic monitoring, and potential compromise of other devices on the network.

Mitigation

NETGEAR has released firmware version 3.2.15.25 to address this vulnerability. Users are strongly advised to update their devices to this version or later immediately [1]. No workarounds are available. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
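
To act on the mitigation above, the following added example (not part of the advisory or any NETGEAR tooling) triages a device inventory against the affected models and the fixed version 3.2.15.25 from the description. The inventory rows, hostnames, the optional "V" prefix on firmware strings, and the function names are assumptions made for illustration.

```python
import re

# Models and fixed firmware version as listed in the CVE-2020-14431 description.
AFFECTED_MODELS = {
    "RBK752", "RBK753", "RBK753S", "RBR750", "RBS750", "RBK842",
    "RBR840", "RBS840", "RBK852", "RBK853", "RBR850", "RBS850",
}
FIXED_VERSION = (3, 2, 15, 25)

# Constructed sample inventory: (hostname, model, reported firmware string).
SAMPLE_INVENTORY = [
    ("orbi-lobby", "RBR750", "V3.2.9.2"),
    ("orbi-lab", "rbs850", "3.2.15.25"),
    ("orbi-floor2", "RBK853", "V3.2.16.6"),
    ("orbi-annex", "RBR840", "unknown"),
    ("orbi-old", "RBR50", "V2.5.1.8"),
]


def parse_version(text):
    """Return the firmware version as a tuple of ints, or None if unparseable."""
    match = re.fullmatch(r"[Vv]?(\d+(?:\.\d+){3})", text.strip())
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def classify(model, firmware):
    """Classify one device as 'not-listed', 'unknown', 'vulnerable' or 'fixed'."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"  # not named in this CVE; says nothing about other CVEs
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # needs a manual check, never assumed fixed
    # Tuple comparison is numeric per field; a string compare would rank
    # "3.2.9.2" above "3.2.15.25" and miss the vulnerable device.
    return "vulnerable" if version < FIXED_VERSION else "fixed"


def triage(inventory):
    """Map each hostname to its classification."""
    return {host: classify(model, fw) for host, model, fw in inventory}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" should be checked by hand in the admin interface rather than assumed patched.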

Affected products

4

References

1
