Unrated severityNVD Advisory· Published Jun 18, 2020· Updated Aug 4, 2024

CVE-2020-14441

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Certain NETGEAR WiFi system models are vulnerable to pre-authentication command injection, allowing unauthenticated remote attackers to execute arbitrary commands.

Vulnerability

A pre-authentication command injection vulnerability exists in multiple NETGEAR Orbi WiFi system models. The vulnerability allows an unauthenticated attacker to inject arbitrary commands through a crafted request. Affected models include RBK752, RBK753, RBK753S, RBR750, RBS750, RBK842, RBR840, RBS840, RBK852, RBK853, RBR850, and RBS850 running firmware versions prior to 3.2.15.25 [1].

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted network request to the affected device. No authentication or prior access is required; the attacker only needs network connectivity to the device [1].

Impact

Successful exploitation allows an unauthenticated attacker to execute arbitrary commands on the device, potentially leading to full compromise of the WiFi system, including data exfiltration, further network attacks, or disruption of service [1].

Mitigation

NETGEAR has released firmware version 3.2.15.25 that fixes this vulnerability. Users should upgrade their devices to this version or later immediately [1]. No workarounds have been provided.

References

Security Advisory for Pre-Authentication Command Injection on Some WiFi Systems, PSV-2020-0071

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/devicesdescription
Netgear/RBK752llm-fuzzy
Range: <3.2.15.25
Netgear/RBK852llm-fuzzy
Range: <3.2.15.25
Netgear/RBK753llm-fuzzy
Range: <3.2.15.25

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000061946/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0071mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000